
MacRumors

macrumors bot
Original poster
Apr 12, 2001
63,490
30,730


Clayton Morris provides some details about the App Store ranking fraud reported over the weekend. As previously reported, developer Thuat Nguyen's apps had been removed from the App Store after it became apparent that he was manipulating the App Store rankings by using compromised iTunes accounts to purchase his own apps.

Morris received confirmation from Apple that approximately 400 iTunes accounts were affected and that iTunes servers were not hacked in any way. The total number of iTunes users is about 150 million, according to Morris. Apple is said to be increasing security to help minimize this fraud by asking users to enter their credit card security code more often.

While compromised iTunes accounts have been reported for years, this is the first reported time that a developer has tried to use them to their advantage.

Article Link: Apple: About 400 Accounts Affected, App Store Not Hacked
 

kingofwale

macrumors 6502a
Apr 24, 2010
988
1,434
140 million iTunes users, yes

but how many of those have a credit card attached to it? Apparently 400 of which were compromised.

Time to take it seriously, Apple
 

the-oz-man

macrumors 6502
Jun 24, 2009
403
154
As much as you want to, this is not an Apple problem. No more than Facebook is to blame when someone doesn't log off their profile on a public computer and it gets hacked. Most likely these users fell for some sort of email phishing scam and got taken. It happens to ignorant and less aware people thousands of times per day. Still not Apple's fault.
 

arn

macrumors god
Staff member
Apr 9, 2001
16,363
5,795
140 million iTunes users, yes

but how many of those have a credit card attached to it? Apparently 400 of which were compromised.

Time to take it seriously, Apple

I think the 140 million is with credit cards attached. At least the number was 100 million last fall with cc numbers attached.

And if it's really users losing their passwords to phishing and keyloggers, I'm not sure what can be done by Apple.

arn
 

JodyK

macrumors 6502a
Jan 29, 2010
717
22
Northern Atlanta suburbs
As much as you want to, this is not an Apple problem. No more than Facebook is to blame when someone doesn't log off their profile on a public computer and it gets hacked. Most likely these users fell for some sort of email phishing scam and got taken. It happens to ignorant and less aware people thousands of times per day. Still not Apple's fault.

Agreed. 400 out of 150 million. Better chance of being in a car accident. You know if Apple servers had been compromised it would have been a scary high number.



Chance of being struck by lightning in 1 year in the US ... 1 in 750,000 ... 150 million / 400 = 1 in 375,000 or double the lightning scenario.
 

SPUY767

macrumors 68020
Jun 22, 2003
2,041
131
GA
I think the 140 million is with credit cards attached. At least the number was 100 million last fall with cc numbers attached.

And if it's really users losing their passwords to phishing and keyloggers, I'm not sure what can be done by Apple.

arn

A security researcher friend of mine said that the app that stole the passwords was a Trojan horse that only ran on pre-Win XP machines. Take with necessary salt.
 

Xtremehkr

macrumors 68000
Jul 4, 2004
1,897
0
So, 0.0004% of iTunes users have lousy passwords or were infected with phishing malware.

There's really not a lot that Apple can do about that.

1Password is a good app for OSX, you only need to remember one password and it generates extremely secure passwords.
 

Consultant

macrumors G5
Jun 27, 2007
13,314
34
Of course it's not hacked.

There are various reasons an account could be compromised. Most of them are due to the end user.
 

jaw04005

macrumors 601
Aug 19, 2003
4,513
402
AR
Oh great. For those of us that do have secure passwords we're going to get stuck entering our CCC and iTunes password more often.

Having to enter your password over and over again just to update apps is annoying enough --- especially if you already have a passcode.
 

CFreymarc

Suspended
Sep 4, 2009
3,969
1,149
Apple should hire the Guy as a Security consultant,

I would.

I wouldn't. The days of hiring the thief to catch thieves are over in cyberspace IMO. There are enough "white hats" out there with network security backgrounds. Hiring the now assumed ex-con is not worth it.

I'd like to see public executions of guys like this with the audience done pay-per-view and the positions in the firing squad sold via eBay.
 

Corruptitudes

macrumors regular
Nov 24, 2009
100
0
I logged into my iTunes account and it already required me to enter the 3-digit security code from the credit card on file. It also said I logged in from a new computer.

Has anyone else gotten this? Does this mean my account was hacked? I changed the password just in case...
 

SockRolid

macrumors 68000
Jan 5, 2010
1,560
118
Almost Rock Solid
Probably Windows users

Most of the 400 must be Windows users. Maybe Apple should start shipping anti-malware software along with iTunes for Windows.

As for anti-stupidity, well, there's nothing Apple can do about that. Hundreds of millions of infected PCs are the proof.
 

i.mac

macrumors 6502a
Dec 14, 2007
996
247
140 million iTunes users, yes

but how many of those have a credit card attached to it? Apparently 400 of which were compromised.

Time to take it seriously, Apple

...another mindless comment...

According to you, next time you see a car crash, or a bank robbery, or someone getting wet in the rain, please blame it on Apple...
 

muziq

macrumors member
May 31, 2008
42
26
NYC Baby
of course, if Apple says 400 were hacked, then it must be true....

keep drinking the kool-aid....

I know at least 30 of those 400 then...

I must be the luckiest fellow on earth...

-there is no antenna problem
-the white iPhone will be released at launch
-there is no yellow tint on the new iMacs...

move along, nothing to see here..
 

muziq

macrumors member
May 31, 2008
42
26
NYC Baby
Most of the 400 must be Windows users. Maybe Apple should start shipping anti-malware software along with iTunes for Windows.

As for anti-stupidity, well, there's nothing Apple can do about that. Hundreds of millions of infected PCs are the proof.



I use a Mac, and do not download anything to it via iTunes...so squash that Windows only scenario....

I only use my phone to download apps, yet I was one of the unlucky "few"...

so explain to me how exactly my password which is not "easy to crack" was hacked then?

they snagged it off my phone as I downloaded an app?
 

robertpetry

macrumors 6502
Feb 12, 2009
478
135
St Augustine, FL
400? B.S.

I don't believe that for a minute. My account was hacked and I had a strong password and no key logger on my machine. Looking at the forums there is no way it was only 400.

The worst part was how Apple treated me. First there is no way to call them. When someone steals $155 from me I expect a turn around that is faster than 24 hours via email but I didn't even get that.

Then Apple refused to reverse the obviously fraudulent charges for anyone and made me dispute the charges with my credit card company.

They handled the situation very poorly and if they think it was only 400 then they are not looking.
 

catmistake

macrumors member
Aug 3, 2006
68
0
I use a Mac, and do not download anything to it via iTunes...so squash that Windows only scenario....

I only use my phone to download apps, yet I was one of the unlucky "few"...

so explain to me how exactly my password which is not "easy to crack" was hacked then?

they snagged it off my phone as I downloaded an app?

YOU were hacked? Obviously, Apple is lying about their servers. /sarcasm

Did you know that CIOs get hacked? And systems administrators get hacked? And even computer scientists get hacked? Yes, it's true. So... I'm not sure why you think you're so special that you couldn't have somehow compromised your own security, like so many qualified security experts have accidentally done. You are unlucky, or you made a mistake. The vastly more probable scenario is that you did it to yourself. The less likely scenario is that your difficult to guess password wasn't as difficult as you thought, and a dictionary attack revealed it. Who knows exactly? Wasted energy, unless you just need to blow off steam... in which case... I think you can do better... there aren't even any "****" or "!" in that post.
 

Consultant

macrumors G5
Jun 27, 2007
13,314
34
123456 isn't a "hard to hack" password. Neither is 654321 or qwerty, iloveyou, etc.

In one analysis, 20% of users use about 5000 common passwords.

Plus other ways your accounts can be compromised:
http://obamapacman.com/2010/07/apple-store-itunes-app-store-hacked-how-to/

400? B.S.

I don't believe that for a minute. My account was hacked and I had a strong password and no key logger on my machine. Looking at the forums there is no way it was only 400.

The worst part was how Apple treated me. First there is no way to call them. When someone steals $155 from me I expect a turn around that is faster than 24 hours via email but I didn't even get that.

Then Apple refused to reverse the obviously fraudulent charges for anyone and made me dispute the charges with my credit card company.

They handled the situation very poorly and if they think it was only 400 then they are not looking.

Someone steals your credit card info and buys things from any store, would you go to the store for a refund or contact your credit card?

Btw, using your name for a forum user name = security fail.
 

marksman

macrumors 603
Jun 4, 2007
5,764
5
I know at least 30 of those 400 then...

LOL sure you do.

Although realistically the chances of any one person knowing the iTunes status of 30 other people for something that just happened is zero... but sure keep pretending.


I give you the Gizmodo Star!
 