Old Jul 4, 2010, 05:06 PM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
Reports of 'App Store Hacked' Greatly Exaggerated






Earlier today a report on TheNextWeb claimed that the App Store had been hacked and that a rogue developer had gamed the system by artificially driving sales to their eBooks. The rise in ranks was noted by competing developers who thought the rise strange given that the books all represented poorly coded Vietnamese-based books.

A couple of reviews left on one of the books revealed that at least two customers had their iTunes accounts compromised to purchase the books. This led to theories that a widespread attack specifically tied to this developer could be the cause of the rise in ranks. Which then led to a cascade of headlines suggesting that everyone's iTunes account was suddenly vulnerable to a coordinated attack. While we do believe that this developer had been trying to game the iTunes ranking system, it's hard to believe that their efforts affected more than a few hundred accounts worldwide.

The Book category in which we found these apps (note, they've been pulled from the App Store) is one of the lowest trafficked categories in the App Store. Based on sales reports we've received from developers, the number of daily sales required to hold a book in the #10-#50 rank seems to range from 50-250 sales a day. That means that even if every sale was based on a compromised account, the actual number of accounts involved is minuscule compared to the 100 million active iTunes accounts.

Now, on a separate note, the issue of hacked or compromised iTunes accounts is a major issue, and one not to be dismissed. However, this issue has been ongoing for years and we're not convinced there has been a major spike in activity. iTunes accounts are easy targets since they are so common. In our forums we have had a running thread on the topic since January 2008. A few reports appear every few months. There does seem to be a higher number of reports arising in the past day or two of other iTunes accounts being hacked. It's certainly possible there has been an acute rise in the past few days, but the added press coverage will certainly attract more stories. Meanwhile, a blog post from 2009 similarly attracted a number of "me too" reports.

It's still a good idea to make sure your accounts are safe, and especially important to make sure you have good (and different) passwords on all your sensitive accounts. Common mistakes include easy to guess passwords and shared passwords across multiple accounts.

Old Jul 4, 2010, 05:11 PM   #2
Dainin
macrumors regular
 
Join Date: Sep 2009
The media loves to blow anything Apple up. Great report.
Old Jul 4, 2010, 05:12 PM   #3
ChazUK
macrumors 603
 
 
Join Date: Feb 2008
Location: Essex (UK)
Wirelessly posted (Mozilla/5.0 (Linux; U; Android 1.6; en-gb; Dell Streak Build/Donut) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1)

I just hope whoever gets targeted in these attacks gets their money back.
__________________
Windows 8 Desktop | HP Chromebook 11 | Moto G GPE | LG G Watch | iPhone 4s | iPad Mini Retina | Asus MemoPad ME176C
Old Jul 4, 2010, 05:15 PM   #4
adamvk
macrumors 65816
 
 
Join Date: Oct 2008
Location: Phoenix, AZ
Hopefully someone hacks in again and starts adding more iPad apps....

edit: Chaz UK, how'd you get a Dell Streak?
__________________
Retina MBP | iPhone 5 | iPad Mini
Old Jul 4, 2010, 05:16 PM   #5
JoeG4
macrumors 68020
 
 
Join Date: Jan 2002
Location: Bay Area, Ca.
mhmmm just a few hundred people have been ripped off, no big deal.
__________________
I've been a huge fan of Mac OS X since 2001!
Old Jul 4, 2010, 05:18 PM   #6
mikemac11
macrumors newbie
 
Join Date: Jun 2010
Must have been a slow news day if all sites have to report on are a few phished iTunes accounts
Old Jul 4, 2010, 05:18 PM   #7
ChazUK
macrumors 603
 
 
Join Date: Feb 2008
Location: Essex (UK)
Wirelessly posted (Mozilla/5.0 (Linux; U; Android 1.6; en-gb; Dell Streak Build/Donut) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1)

Quote:
Originally Posted by adamvk
Hopefully someone hacks in again and starts adding more iPad apps....

edit: Chaz UK, how'd you get a Dell Streak?
The streak has been out for a few weeks in the U.K!
Old Jul 4, 2010, 05:20 PM   #8
DipDog3
macrumors 6502a
 
 
Join Date: Sep 2002
 
Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_0 like Mac OS X; en-us) AppleWebKit/532.9 (KHTML, like Gecko) Version/4.0.5 Mobile/8A293 Safari/6531.22.7)

Hacked iTunes accounts could make for some big bucks in the App Store which is probably why they did it.
__________________

Interactive Phone - Try out the new Virtual iPhone 5s (Download Code @ RedRome.com)
Old Jul 4, 2010, 05:21 PM   #9
iphones4evry1
macrumors 65816
 
 
Join Date: Nov 2008
Location: California, USA
The security and unhackability of Apple systems has been greatly exaggerated.
Old Jul 4, 2010, 05:21 PM   #10
chris200x9
macrumors 6502a
 
Join Date: Jun 2006
I was hacked, true story.
Old Jul 4, 2010, 05:24 PM   #11
RonHC
macrumors 6502a
 
 
Join Date: Apr 2010
Save the children
Old Jul 4, 2010, 05:25 PM   #12
Warbrain
macrumors 603
 
 
Join Date: Jun 2004
Location: Chicago, IL
Maybe people will bitch about this instead of the iPhone even if they didn't get hacked.
__________________
WARBRAIN
Twitter | Blog
Old Jul 4, 2010, 05:29 PM   #13
abhibeckert
macrumors member
 
Join Date: Jun 2007
A couple of weeks ago a family friend was bitten by fraudulent transactions in iTunes, over $300+ worth.

They were refunded, but I wonder if this is more widespread than the article implies? A whole bunch of illegal credit card transactions which push you up to the top could very well result in a bunch of perfectly legit transactions.

Apple needs to tread carefully. There's no way to prove the guy who's selling the app was involved in the fraud. It could be a competitor trying to get him banned.
Old Jul 4, 2010, 05:31 PM   #14
chris200x9
macrumors 6502a
 
Join Date: Jun 2006
Quote:
Originally Posted by iphones4evry1 View Post
The security and unhackability of Apple systems has been greatly exaggerated.
+1 either they got a trojan on their mac, or a rogue app got their info. Funny how android got a rogue app and everybody here was like "ZOMG!!!111"
Old Jul 4, 2010, 05:31 PM   #15
Nord
macrumors member
 
Join Date: Apr 2010
Apropos password, there's an easy solution: make a horribly long password of 16-20 "letters" with special characters and numbers and letters together, you'll be safe for many, many years, if not your whole life.
Old Jul 4, 2010, 05:36 PM   #16
chris200x9
macrumors 6502a
 
Join Date: Jun 2006
Quote:
Originally Posted by Nord View Post
Apropos password, there's an easy solution: make a horribly long password of 16-20 "letters" with special characters and numbers and letters together, you'll be safe for many, many years, if not your whole life.
Sure, if it was a brute force attack, which I do not believe it was. I don't care how long your password is, a trojan can get it just as easily.
Old Jul 4, 2010, 05:39 PM   #17
charlituna
macrumors 604
 
 
Join Date: Jun 2008
Location: Los Angeles, CA
Quote:
Originally Posted by ChazUK View Post
Wirelessly posted (Mozilla/5.0 (Linux; U; Android 1.6; en-gb; Dell Streak Build/Donut) AppleWebKit/528.5+ (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1)

I just hope whoever gets targeted in these attacks gets their money back.
I suspect it was mostly no one. The lists change constantly and already those titles are mostly gone.

So my guess is that this developer decided to try something cute. Created a bunch of fake accounts using hotmail, gmail etc. maybe a few friends mixed in (a couple of whom could have gotten nervous and decided to try 'hacked' to protect themselves or maybe he promised to repay them and didn't). Use some gift cards bought with cash and no one is any wiser.

It's actually not the first time that someone padded figures and/or reviews, and on a potentially slow weekend it would be rather easy to do, especially on a system that updates very often.
Old Jul 4, 2010, 05:44 PM   #18
faroZ06
Banned
 
Join Date: Apr 2009
Passwords

They probably had insecure passwords that were real words. This doesn't mean that the Apple computer is vulnerable to viruses (as some of you seem to think).
Old Jul 4, 2010, 05:44 PM   #19
mikethebigo
macrumors 65816
 
Join Date: May 2009
This is only big news (like other big news stories about Apple recently) because Apple parades around and keeps talking about how much better they are than everyone else. Truth is, any major online retailer has to deal with hacking, every major phone manufacturer builds phones with defects, etc.

Don't complain when you over-inflate your image and then people realize you're just a company run by humans like everyone else.
__________________
When you feel like getting in an argument with someone on the internet, see here.
Old Jul 4, 2010, 05:47 PM   #20
Lord Vader
macrumors 6502a
 
 
Join Date: Apr 2010
Location: Death Star
Quote:
Originally Posted by chris200x9 View Post
+1 either they got a trojan on their mac, or a rogue app got their info. Funny how android got a rogue app and everybody here was like "ZOMG!!!111"
How do you know it was Mac and not PC?
__________________
I never said that, and you're misquoting me ... or somebody is, but I'm gonna get to the bottom of it.
Old Jul 4, 2010, 05:48 PM   #21
ValSalva
macrumors 68040
 
 
Join Date: Jun 2009
Location: Burpelson AFB
I'd better change my password. I guess "password" isn't considered secure
Old Jul 4, 2010, 05:49 PM   #22
Jazerai
macrumors newbie
 
Join Date: Aug 2008
i was one of the people that posted a link to the article. i haven't gone back and re-read it but i don't remember there being anything in the article that could be taken as an attack on apple. just a news story about what happened.

i understand that apple and the iphone 4 have been taking a beating recently but seriously... people are losing money. a pretty good amount of it in some cases. do people here really think that saying it's only happened to a few hundred people means it isn't worth reporting?

http://forums.macrumors.com/showthread.php?t=407990
Old Jul 4, 2010, 05:50 PM   #23
Consultant
macrumors G5
 
 
Join Date: Jun 2007
AKA mor0s falls for phishing scams, blame Apple for their lack of common sense.


Quote:
Originally Posted by mikethebigo View Post
This is only big news (like other big news stories about Apple recently) because Apple parades around and keeps talking about how much better they are than everyone else. Truth is, any major online retailer has to deal with hacking, every major phone manufacturer builds phones with defects, etc.

Don't complain when you over-inflate your image and then people realize you're just a company run by humans like everyone else.
Some people are pretty clueless about the differences between an account being hacked and user stupidity.
Old Jul 4, 2010, 05:54 PM   #24
Nord
macrumors member
 
Join Date: Apr 2010
Quote:
Originally Posted by chris200x9 View Post
Sure, if it was a brute force attack, which I do not believe it was. I don't care how long your password is, a trojan can get it just as easily.
I doubt that, why would websites recommend long passwords if they're just as inefficient as shorter ones as you claim? In that case, who cares about long passwords?
That simply isn't true. I'm no expert of course, but I know that with 20 characters, there are quadrillions of combinations (I don't make the maths, I'll let you do it if it bothers you), making it impossible to crack, even for a machine, and a lifetime isn't enough to crack it, and even if it was, finding another way to enter would take less time than finding it.

Length is much more secure than "complexity" (adding $ and other &, %) onto a short password, it's good, but not enough and won't be as efficient as using normal alphabet, random at best, with a 20+ long password.

Last edited by Nord; Jul 4, 2010 at 05:59 PM.
Old Jul 4, 2010, 05:59 PM   #25
mauree
macrumors newbie
 
Join Date: Jun 2010
Quote:
Originally Posted by Nord View Post
I doubt that, why would websites recommend long passwords if they're just as inefficient as shorter ones as you claim? In that case, who cares about long passwords?
That simply isn't true. I'm no expert of course, but I know that with 20 characters, there are quadrillions of combinations (I don't make the maths, I'll let you do it if it bothers you), making it impossible to crack, even for a machine, and a lifetime isn't enough to crack it, and even if it was, finding another way to enter would take less time than finding it.

Length is much more secure than "complexity" (adding $ and other &, %) onto a short password, it's good, but not enough and won't be as efficient as using normal alphabet with a 20+ long password. One letter adds many, many more possibilities.
Nord, what he meant is that malware could, for example, detect your password as you type it, find it on your hard drive, etc. In that case it doesn't matter how many letters long it is, 'cause it wouldn't try to guess it by brute force.