Become a MacRumors Supporter for $25/year with no ads, private forums, and more!

MacRumors

macrumors bot
Original poster
Apr 12, 2001
55,057
17,433


Clayton Morris provides some details about the App Store ranking fraud reported over the weekend. As previously reported, developer Thuat Nguyen's apps had been removed from the App Store after it became apparent that he was manipulating the App Store rankings by using compromised iTunes accounts to purchase his own apps.

Morris received confirmation from Apple that approximately 400 iTunes accounts were affected and that iTunes servers were not hacked in any way. The total number of iTunes users number about 150 million according to Morris. Apple is said to be increasing security to help minimize this fraud by asking users to enter their credit card security code more often.

While compromised iTunes accounts have been reported for years, this is the first reported time that a developer has tried to use them to their advantage.

Article Link: Apple: About 400 Accounts Affected, App Store Not Hacked
 

kingofwale

macrumors 6502a
Apr 24, 2010
988
1,432
140 million iTune users, Yes

but how many of those have credit card attached to it? apparently 400 of which were compromised.

Time to take it seriously, Apple
 

the-oz-man

macrumors 6502
Jun 24, 2009
402
153
As much as you want to, this is not an Apple problem. No more than facebook is to blame when someone doesn't log off their profile on a public computer and it gets hacked. Most likely these users fell for some sort of email phishing scan and got taken. It happens to ignorant and less aware people thousands of times per day. Still not Apple's fault.
 

arn

macrumors god
Staff member
Apr 9, 2001
16,268
5,477
140 million iTune users, Yes

but how many of those have credit card attached to it? apparently 400 of which were compromised.

Time to take it seriously, Apple

I think the 140 million is with credit cards attached. At least the number was 100 million last fall with cc number's attached.

And if it's really users losing their passwords to phishing and keyloggers, I'm not sure what can be done by Apple.

arn
 

JodyK

macrumors 6502a
Jan 29, 2010
714
14
Northern Atlanta suburbs
As much as you want to, this is not an Apple problem. No more than facebook is to blame when someone doesn't log off their profile on a public computer and it gets hacked. Most likely these users fell for some sort of email phishing scan and got taken. It happens to ignorant and less aware people thousands of times per day. Still not Apple's fault.

Agreed. 400 out of 150 million. Better chance of being in a car accident. You know if Apple servers had been compromised it would have been a scary high number.



Chance of being struck by lightning in 1 year in the US ... 1 in 750,000 ... 150 million / 400 = 1 in 375,000 or double the lightning senario.
 

SPUY767

macrumors 68020
Jun 22, 2003
2,029
113
GA
I think the 140 million is with credit cards attached. At least the number was 100 million last fall with cc number's attached.

And if it's really users losing their passwords to phishing and keyloggers, I'm not sure what can be done by Apple.

arn

A security researcher friend of mine was said that they app that stole the passwords was a Trojan horse that only ran on Pre-Win XP machine. Take with necessary salt.
 

Xtremehkr

macrumors 68000
Jul 4, 2004
1,897
0
So, 0.0004% of iTunes users have lousy passwords or were infected with phishing malware.

There's really not a lot that Apple can do about that.

1Password is a good app for OSX, you only need to remember one password and it generates extremely secure passwords.
 

Consultant

macrumors G5
Jun 27, 2007
13,313
33
of course it's not hacked.

There are various reasons an account could be compromised. Most of it are due to the end user.
 

jaw04005

macrumors 601
Aug 19, 2003
4,380
47
AR
Oh great. For those of us that do have secure passwords we're going to get stuck entering our CCC and iTunes password more often.

Having to enter your password over and over again just to update apps is annoying enough --- especially if you already have a passcode.
 

CFreymarc

Suspended
Sep 4, 2009
3,969
1,149
Apple should hire the Guy as a Security consultant,

I would.

I wouldn't. The days of hiring the thief to catch thieves are over in cyberspace IMO. There are enough "white hats" out there with network security backgrounds. Hiring the now assumed ex-con is not worth it.

I'd like to see public executions of guys like this with the audience done pay-per-view and the positions in the firing squad sold via eBay.
 

Corruptitudes

macrumors regular
Nov 24, 2009
100
0
I logged into my itunes account and it already required me to enter in the 3 digit security code from the credit card on file. It also said I logged in from a new computer.

Has anyone else gotten this? Does this mean my account was hacked? I changed the password just in case...
 

SockRolid

macrumors 68000
Jan 5, 2010
1,560
118
Almost Rock Solid
Probably Windows users

Most of the 400 must be Windows users. Maybe Apple should start shipping anti-malware software along with iTunes for Windows.

As for anti-stupidity, well, there's nothing Apple can do about that. Hundreds of millions of infected PCs are the proof.
 

i.mac

macrumors 6502a
Dec 14, 2007
996
247
140 million iTune users, Yes

but how many of those have credit card attached to it? apparently 400 of which were compromised.

Time to take it seriously, Apple

...another mindless comment...

according to you, next time you see a car crash, or a bank robbery, or someone getting wet on the rain, please blame it on Apple...
 

muziq

macrumors member
May 31, 2008
40
12
NYC Baby
of course, if Apple says 400 were hacked, then it must be true....

keep drinking the kool-aid....

I know at least 30 of those 400 then...

I must be the luckiest fellow on earth...

-there is no antenna problem
-the white iPhone will be released at launch
-there is no yellow tint on the new iMacs...

move along, nothing to see here..
 

muziq

macrumors member
May 31, 2008
40
12
NYC Baby
Most of the 400 must be Windows users. Maybe Apple should start shipping anti-malware software along with iTunes for Windows.

As for anti-stupidity, well, there's nothing Apple can do about that. Hundreds of millions of infected PCs are the proof.



I use a Mac, and do not download anything to it via Itunes...so squash that Windows only scenario....

I only use my phone to download apps, yet I was one of the unlucky "few"...

so explain to me how exactly my password which is not "easy to crack" was hacked then?

they snagged it off my phone as I downloaded an app?
 

robertpetry

macrumors 6502
Feb 12, 2009
446
108
Indianapolis, IN
400? B.S.

I don't believe that for a minute. My account was hacked and I had a strong password and no key logger on my machine. Looking at the forums there is no way it was only 400.

The worst part was how Apple treated me. First there is no way to call them. When someone steals $155 from me I expect a turn around that is faster than 24 hours via email but I didn't even get that.

Then Apple refused to reverse the obviously fraudulent charges for anyone and made me dispute the charges with my credit card company.

They handled the situation very poorly and if they think it was only 400 then they are not looking.
 

catmistake

macrumors member
Aug 3, 2006
68
0
I use a Mac, and do not download anything to it via Itunes...so squash that Windows only scenario....

I only use my phone to download apps, yet I was one of the unlucky "few"...

so explain to me how exactly my password which is not "easy to crack" was hacked then?

they snagged it off my phone as I downloaded an app?

YOU were hacked? Obviously, Apple is lying about their servers. /sarcasm

Did you know that CIO's get hacked? And systems administrators get hacked? And even computer scientists get hacked? Yes, it's true. So... I'm not sure why you think you're so special that you couldn't have somehow compromised your own security, like so many qualified security experts have accidently done. You are unlucky, or you made a mistake. The vastly more probable scenario is that you did it to yourself. The less likely scenario is that your difficult to guess password wasn't as difficult as you thought, and a dictionary attack revealed it. Who knows exactly? Wasted energy, unless you just need to blow off steam... in which case... I think you can do better... there aren't even any "****" or "!" in that post.
 

Consultant

macrumors G5
Jun 27, 2007
13,313
33
123456 isn't a "hard to hack" password. Neither is 654321 or qwerty, iloveyou, etc.

In one analysis, 20% of users use about 5000 common passwords.

Plus other ways in how your accounts can be compromised:
http://obamapacman.com/2010/07/apple-store-itunes-app-store-hacked-how-to/

400? B.S.

I don't believe that for a minute.y account was hacked and I had a strong password and no key logger on my machine. Looking at the forumsthere is no way it was only 400.

The worst part was how Apple treated me. Riser there is no way to call them. When someone steals $155 from me I expect a turn around that is faster than 24 hours via email but I didn't even get that.

Then Apple refused to reverse the obviously fraudulent chafes for anyone and made me dispute the charges with my credit card company.

They handled the situation very poorly and if they think it was only 400 then they are not looking.

Someone steals your credit card info and buy things from any store, would you go to the store for a refund or contact your credit card?

Btw, using your name for a forum user name = security fail.
 

marksman

macrumors 603
Jun 4, 2007
5,764
5
I know at least 30 of those 400 then...

LOL sure you do.

Although realistically the chances of any one person knowing the itunes status of 30 other people for something that just happened is zero... but sure keep pretending.


I give you the Gizmodo Star!
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.