More iTunes Accounts Compromised by App Store Developer?

[kayC]

Typical fanboi gutless response. There is no Apple system that is bulletproof, only in your fantasies. Macs succumb first in every hacker event, get a clue.

And you are a ********** TROLL Black bart Belt Boy.

All you do is make up stories and push out your hate BS to the masses that don't yet have you on their Ignore list.

Like this little one you posted just a while back:
Quote fror the Black belt himself the 15 year old Troll baiter.

" I can't believe how Jobs has brainwashed you all into pathetic specs. 64gig is an absolute travesty in this day and age, especially for a so-called media device which is a so-called industry leader. Have a little dose of reality. Apps + Music + MOVIES needs more than 64 gig to be worth anything. Otherwise for the priviledge of Jobs screwing you, you get some kludgy device you have to continually swap stuff with like its your second job. Some of us have lives."
Link :https://forums.macrumors.com/showthread.php?p=10418782&#post10418782

And anyone else can see your previous post of Apple Hate, Take your Microsoft Kin and get a life Boy.

Get a life.

P.S. I won't be back to feed your ignorance.

 

[ouimetnick]

He does have truth in his Post. No system even if its Apple can be 100% safe hack free. While he may be a troll, look in the mirror. What do you see? Do you see a Apple iFanboy? You sound like one.

 

[Dekimasu]

Well, the two sides to the argument are:

(a) The problem itself is not Apple-specific, but
(b) Apple can't save you from phishing attacks.

Obviously this is not an OS-related problem, so it's inappropriate to compare this to OS vulnerabilities/viruses.

 

[firewood]

Another thing is the guy that got into my account entered his name, address and phone number in the shipping info. My CC comp. nor Apple was interested in this info.

What country was that address located in? Depending on the amount, some law enforcement agency might accept a fraud/theft report.

 

[siddavis]

You don't say how it happened.

Were you the victim of phishing? Did you divulge your password to a third party, or use it to log in to mobileme in an insecure location?

Uh, that's part of my problem. I don't know exactly what happened. If you go by most here, Apple is infallible, so that leaves me. Thing is, I'm very aware of everything I'm doing online and I can detect a phishing scam easily. Don't use mobile me, so that's not it.

My biggest issue is Apple's lack of any type of communication during a timeframe that I think is obnoxiously long.

 

[Master Chief]

Ok then.

1. Use an iTunes password that cannot be guessed, and don't give it to anyone. Also don't use the iTunes password while reacting to an email that purports to be sent by Apple. Only use it within the iTunes application itself.

2. To avoid your passwords, credit card information etc. to fall prey to an attacker who attacks badly configured websites, quit your browser after using the password or credit card information. This avoids hacks where you willingly gave information to company A, and through bad programming on company A's website your browser, in fact any browser, can be convinced that it is still connected to A's website when in fact it is connected to B's website.

3. Consider using a pre-paid credit card (well, it's not really a credit card then) which would limit any financial losses to the amount of money you paid onto that card. And only add new funds to that card just before making another purchase.

Thanks. Now we're talking.

It won't help me, personally, because I know what to do... but this is how I write my articles; add prevention tips to potentially bad news...

Let me add a few more:

4. Use iTunes Gift Cards only. This way you will prevent fraudulent transactions to empty out your bank account.

5. Remove your Credit Card from your iTunes Store Account when you don't really need it; like when going on a [long] holiday.

6. Don't use iTunes on unprotected WiFi connections.

7. Logout [on your iDevice] right after you purchased something because some application don't seem to ask your permission, and that can lead to unexpected purchases.

8. Don't want/need 'In-App Purchases' then turn it off under: Setting -> General -> Restrictions See #7.

 

[alphaod]

I should also point out that people's iTunes accounts are readily available to purchase online. They're like $5 each. So yeah this is pretty prominent.

 

[ranReloaded]

Off course no system is 100% secure.

But most of those Mac vulnerabilities are "proof of concept". The real world says otherwise.

 

[madmax_2069]

Typical fanboi gutless response. There is no Apple system that is bulletproof, only in your fantasies. Macs succumb first in every hacker event, get a clue.

The sad thing is that you fail to realize is the weakest link is the user , no matter the OS or platform on how secure it is, a ignorant user will cause a secure system to become vulnerable.

Apple system or not what happened here is Phishing (not hacking into a system). All it takes is a simple email, sending a email is not hacking into a computer system.

A ignorant user is a danger to himself and the security of his info.

 

[johnqh]

If someone hacks MacRumors user database, he can get thousands of valid iTunes accounts because people use the same user name/passwords.

Or, create a Mac discussion forum yourself, and have the user name/passwords handed to you.

 

[CFreymarc]

Yep..you hit the nail on the head.. Jail broken phones downloading apps with who knows what embedded in it....

Not surprised at all here. Embedded Trojans are more and more becoming an issue and "brand" is going to be worth more in the future. During the industrial revolution, people were dying from eating poisoned pre-packaged foods. This was due to many things such as bacteria growing over months in the cans and mold within the packaging that made it into the food.

Several outfits came up with and patented very reliable food packaging systems and some stores would only sell those brands. In fact many old school super market chains own names evoked safety of their foods.

While some are bitching about the "closeness" of the iOS ecosystem, it is mostly to keep crashing apps and apps with hidden evil intent embedded in the code from getting out for sale. What happened a century ago for packages foods could be turning into a format for software.

I loathe the day where a piece of software could not be legally sold unless you have the plans approved and inspected by a government agent to avoid malicious code. Some FDA products already have to go through such a process.

 

[Saladinos]

Hello? I don't think you understand what is going on.

There is nothing wrong with AppStore's security in those cases. It is just like your credit card number being stolen and use to make purchase at a store, it is not the store's problem and you should just contact credit card company to investigate.

You shouldn't have lost your info to someone in the first place.

No, I understand perfectly well.

Apple's developer program is meant to protect against malicious apps (of ALL kinds) by making the developer sign up with information that can be used to trace them (e.g. credit card). That's supposed to be the whole point of the $99 developer program.

Apple needs to hand information over to law enforcement officials and make an example of these developers. If they don't have enough information to track these guys, they need to change the submission process so that they do.

Apple has also provided no information about what was going on. How were these developers accessing peoples accounts? Did they guess the password or display a fake iTunes password dialog? Either Apple know and should tell us, or they don't know and should be beefing up their security. It must be happening on-device, so it is the application that is stealing your information (e.g. iTunes ID). I repeat: Apple need to get on top of this right away.

Security isn't just about antivirus software, you know. Security extends to developers needing to provide verifiable information that personally identifies them.

Apple holds a lot of the responsibility here. You can't strangle the AppStore for security reasons and then shrug off phishing attacks. There are hundreds of options open to Apple to stop this.

My solution would be to stop apps being able to retrieve a users iTunes ID (if there is such a method in the SDK), and ban any app that asks users to enter their ID. I would provide a unique user hash that can be used as a username alternative for apps to use as your ID.

 

[charlituna]

Ok then.

1. Use an iTunes password that cannot be guessed, and don't give it to anyone.

And don't use a security question/answer that anyone can guess or look up on your facebook/myspace/friendster/whatever.

"My dog's name" sucks when there are photos of you and SuperPoochie everywhere.

2. To avoid your passwords, credit card information etc. to fall prey to an attacker who attacks badly configured websites, quit your browser after using the password or credit card information.

Never click links in emails supposedly from your credit card, bank etc. No matter how dire they sound.
Always check that the address is secured, uses https and if possible use a browser that displays the name on the security certificate. I had a sibling that was almost phished by someone pretending to be her bank but she noticed that the banks name wasn't appearing in the 'security box' in her browser so she quit without proceeding. I was so proud

3. Consider using a pre-paid credit card (well, it's not really a credit card then) which would limit any financial losses to the amount of money you paid onto that card. And only add new funds to that card just before making another purchase.

Yep. This can also be good if you are traveling. Keeps hotels and such from having a record of your credit card number. Just be sure to do your research about being able to file a 'billing address' etc, since some places won't take a card that lacks this info.

And of course for iTunes you can use their gift cards

Most likely, your teaching did little good. I've been trying to teach various family members how to protect themselves for many years, but find that it's almost impossible to succeed because most non-technical people lack the instincts to make the judgments on what is and is not safe.

Excuse me?? Where do you get off? Just because your family are idiots that don't listen doesn't mean that everyone else suffers that issue.

I thought Apple wasn't a target for hackers. BWAHAHAHAHAH! Welcome to the real world, handwringers.

where's your proof that Apple was hacked. Rather than one of a dozen other ways folks could have gotten the information that don't involve Apple's systems at all

 

[Shinigami301]

About 3 weeks ago on the iPad forum I called out some suspicious looking threads that had been planted by these guys. They would praise the apps and their sock puppets (with the same distinct grammatical errors) would pipe in.

I am not even slightly surprised these people would also do this sort of thing. China is a rat's nest of this kind of thing, and it's only going to get worse..

 

[SpaceKitty]

Yesterday I exchanged my new 8GB 3GS at the AT&T store. When I got home, I restored my backup and then accessed iTunes on the phone.

I got a popup stating that I was accessing my iTunes account with a new device and that I had to verify my identity. I had to login, verify my CC # and address. After I did, I was taken back to the exact spot I was trying to access and was able to make my purchase.

Looks like Apple is finally doing something to stop iTunes fraud now.