
Jazerai said:
i was one of the people that posted a link to the article. i haven't gone back and re-read it but i don't remember there being anything in the article that could be taken as an attack on apple. just a news story about what happened.

i understand that apple and the iphone 4 have been taking a beating recently but seriously... people are losing money. a pretty good amount of it in some cases. do people here really think that saying it's only happened to a few hundred people means it isn't worth reporting?

https://forums.macrumors.com/threads/407990/

It's not that just a hundred people are affected. It's that it doesn't seem like it's anything new.

Ok, let's say this month a hundred people are affected. But let's also say 100 people are affected every month. How often is this a story?

I believe it's a chronic problem not an acute one.

arn
 
I changed my password to ••••••••••••.

I figure that'll confuse the heck out of them.
 
Meh who cares, you can download pretty much every app online.. Not that I'm encouraging it... just saying..
 
i don't remember ever seeing stories about developers using compromised accounts to buy their own items enough times to occupy 41 of the top 50 sales in the book category. or any category for that matter.

http://www.alexbrie.com/archives/215

apple makes it a point to promote how supervised, controlled and safe the app store is but in reality, it's just as vulnerable as any other software or online marketplace. people need to be aware of this and a lot aren't. a good percentage of the 1.7 million iphones that sold in the last few days were purchased by people who aren't power users or even particularly computer savvy. they trust the ironclad security image that apple promotes. whether the security weak point is apple itself or a naive account holder is irrelevant in the end. the money is just as gone. talking down the news reports as being exaggerated just furthers the illusion.

anyway, it's a good idea for people to change their passwords regularly, use complex passwords, make their password recovery question and answer combination complex and change their account payment preferences to 'none' (at least for now).
 
It's not that just a hundred people are affected. It's that it doesn't seem like it's anything new.

Ok, let's say this month a hundred people are affected. But let's also say 100 people are affected every month. How often is this a story?

I believe it's a chronic problem not an acute one.

arn

A single entity or developer effectively took over an entire section of the App Store for the past two weeks by using an army of zombie or hijacked accounts. Apple apparently didn't notice, or take action, until a fuss was raised. I think that was the story here, not a question of whether or not the entire store's accounts database was compromised, though that's a nice scare to raise attention on thenextweb's part.
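The post above describes the pattern that went unnoticed: one seller's items bought in bursts by many accounts that buy nothing else. As an added illustration (not code from the thread or from Apple), here is a small detector over a constructed sales log. Account names, app names, developer names, prices and all thresholds are made up for the example; the idea is that an account which buys several items from a single developer within minutes, and from nobody else, looks like a hijacked account being used for self-purchasing, and a developer whose revenue is dominated by such accounts deserves a look.

```python
"""Constructed example: flag a developer whose sales come mostly from accounts
that bought several of that developer's items in a burst and nothing else."""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import NamedTuple


class Sale(NamedTuple):
    when: datetime
    account: str
    app: str
    developer: str
    price: float


def make_sample_sales() -> list:
    """Constructed sample data (not real App Store records).

    'suspect_dev': 12 accounts each buy 4 of its apps within 30 seconds and nothing else.
    'honest_dev': 30 distinct accounts buy one app each over the day; some also buy elsewhere.
    """
    t0 = datetime(2010, 7, 3, 9, 0)
    sales = []
    for i in range(12):
        for j in range(4):
            sales.append(Sale(t0 + timedelta(minutes=i, seconds=10 * j),
                              f"acct{i:02d}", f"SuspectBook{j}", "suspect_dev", 4.99))
    for i in range(30):
        sales.append(Sale(t0 + timedelta(minutes=17 * i), f"user{i:02d}", "Pages", "honest_dev", 9.99))
        if i % 3 == 0:
            sales.append(Sale(t0 + timedelta(minutes=17 * i + 5), f"user{i:02d}", "OtherApp", "third_dev", 0.99))
    return sales


def account_profiles(sales):
    """Per account: (set of developers bought from, purchase count, time span of purchases)."""
    devs = defaultdict(set)
    counts = defaultdict(int)
    first, last = {}, {}
    for s in sales:
        devs[s.account].add(s.developer)
        counts[s.account] += 1
        first[s.account] = min(first.get(s.account, s.when), s.when)
        last[s.account] = max(last.get(s.account, s.when), s.when)
    return {a: (devs[a], counts[a], last[a] - first[a]) for a in devs}


def suspicious_developers(sales, min_items=3, burst=timedelta(minutes=10),
                          share_threshold=0.5, min_accounts=5):
    """Return {developer: share_of_revenue_from_burst_accounts} for developers over threshold.

    A 'burst account' bought at least `min_items` items, all from one developer, within `burst`.
    Thresholds are arbitrary example values, not anything Apple is known to use.
    """
    profiles = account_profiles(sales)
    burst_accounts = {a for a, (devs, n, span) in profiles.items()
                      if len(devs) == 1 and n >= min_items and span <= burst}
    revenue = defaultdict(float)
    burst_revenue = defaultdict(float)
    burst_accts = defaultdict(set)
    for s in sales:
        revenue[s.developer] += s.price
        if s.account in burst_accounts:
            burst_revenue[s.developer] += s.price
            burst_accts[s.developer].add(s.account)
    flagged = {}
    for dev, total in revenue.items():
        share = burst_revenue[dev] / total
        if share >= share_threshold and len(burst_accts[dev]) >= min_accounts:
            flagged[dev] = round(share, 3)
    return flagged


if __name__ == "__main__":
    print(suspicious_developers(make_sample_sales()))  # {'suspect_dev': 1.0}
```

Real chart-ranking pipelines have far more signals available (account age, payment instrument, IP and device reuse, refund rate), but even this one feature, revenue concentration in single-seller burst accounts, separates the constructed fraud cluster from ordinary sales, which is the kind of check the post is saying was missing for two weeks.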
 
It's not that just a hundred people are affected. It's that it doesn't seem like it's anything new.

Ok, let's say this month a hundred people are affected. But let's also say 100 people are affected every month. How often is this a story?

I believe it's a chronic problem not an acute one.

arn

Random hacks are probably just a chronic problem.

What's different (and more disturbing) about this is that it may have involved a developer.
 
phillryu said:
It's not that just a hundred people are affected. It's that it doesn't seem like it's anything new.

Ok, let's say this month a hundred people are affected. But let's also say 100 people are affected every month. How often is this a story?

I believe it's a chronic problem not an acute one.

arn

A single entity or developer effectively took over an entire section of the App Store for the past two weeks by using an army of zombie or hijacked accounts. Apple apparently didn't notice, or take action, until a fuss was raised. I think that was the story here, not a question of whether or not the entire store's accounts database was compromised, though that's a nice scare to raise attention on thenextweb's part.

That's perhaps true but a different focus perhaps. It's also a stupid scam since it will clearly get you busted.

arn

There was another burst of traffic in the past that was suspected to be dev self-purchasing through some distributed system.

http://forums.toucharcade.com/showthread.php?t=53244

So it's been done to even greater effect before.

arn
 
Severe Human Rights violations... Copyright/patent violation haven... Cybercrime power... How the heck did we let China into the WTO? Ah, right... We DO need all that cheap labor!
 
That's perhaps true but a different focus perhaps. It's also a stupid scam since it will clearly get you busted.

arn

I wonder if this is already a routine thing (laundering money out of phished iTunes accounts through fraudulent app sales), and one guy just got too greedy this time / hatched a scheme to 'multiply' that money via chart exposure sales.
 
Severe Human Rights violations... Copyright/patent violation haven... Cybercrime power... How the heck did we let China into the WTO? Ah, right... We DO need all that cheap labor!

Vietnam isn't part of China btw. Why the random rant? :confused: Ah, saw your location status. Makes sense now
 
Something Fishy

What we saw was certainly more than just a few hacked iTunes accounts, and had nothing to do with Books at all.

An app had become listed as the "Top Grossing App" on the front page of the app store. Its name was "Mirror" or something similar. What was really odd and caught our attention was that it said it had been released (i.e. version 1.0) only yesterday, July 3, 2010. There were about 26 comments on it, the first half were unabashed "how great it is!" type comments, followed by apparently "real" comments spouting venomous anger, about how it was a "complete rip-off", "how could Apple allow this?" etc.

Within a couple of hours it was no longer on the App Store's "Top Grossing" list at all. Pages was back to being number one.

If someone can "game the App Store" to become listed as the top-grossing app in less than a day, the system is severely broken. And certainly a few hundred (or thousand) hacked accounts making purchases and comments couldn't cause such a thing.

There are several "Mirror" apps still on the store whose screen shot is not a screen shot but a woman applying make-up in a mirror. The developer is one of several oriental names. The apps "work" by displaying a frame around a black area, the idea being that the glassy, reflective screen on the device is the mirror.

Edit: oh yeah, here it is: "A Mirror : for iPhone and iPod". Its web site ("SufPay") is "http://localhost/", support site is "http://com/". Surely Apple wouldn't allow a developer to use such obviously wrong URLs?
 
This is why I don't even know my passwords. I have about 80 passwords for various web sites, etc. but use 1Password to manage them. My passwords are always 20 alpha-numeric with symbols (if allowed). You'd be surprised that some financial sites only allow 8-12 characters, and some limit special characters or outright reject them.

I only remember two passwords, both 20 characters long-- 1Password and my computer. I know people who use 1 or 2 passwords for a dozen accounts. They are just asking for it.
 
I doubt that. Why would websites recommend long passwords if they're just as inefficient as shorter ones, as you claim? In that case, who cares about long passwords?
That simply isn't true. I'm no expert of course, but I know that with 20 characters there are quadrillions of combinations (I haven't done the maths; I'll let you do it if it bothers you), making it impossible to crack, even for a machine. A lifetime isn't enough to crack it, and even if it was, finding another way to get in would take less time than finding it.

Length is much more secure than "complexity". Adding $ and other &, % onto a short password is good, but not enough, and won't be as efficient as using the normal alphabet, random at best, with a 20+ long password.

I agree with long and varied passwords. It's all I use. However, unfortunately - quite a few sites limit passwords to stupid 8 characters or less and NO SPECIAL characters allowed. It's rather stupid. They also tell you, you need a capital letter in your password which throws everything off because who really remembers what letter they capitalized? Lol
 
Hacked iTunes accounts could make for some big bucks in the App Store which is probably why they did it.

Not really.

The scammers would have to get paid by Apple for the apps they purchased with the hacked accounts.

The only way the scammers would have gotten paid is if no one (the users or Apple) noticed the fraudulent sales.

It's not like Apple sends payments instantaneously to the app developers when a sale is made.
 
My account was compromised in late June, and I still haven't been reinstated. I have no idea if it is related to this, but seems a bit coincidental. All of the purchases were from the app store, and not music or movies etc. They were random and expensive, and there were some "normal" apps mixed in.

Oh, and I don't consider myself an average user. Perhaps not power, but I know how to protect myself, and I have a computer science background. I am not at all happy with the actions Apple has taken so far in my case.

I'm tired of seeing some on these forums blaming Apple's security issues on "stupid users". Get over yourselves already.

Also, all of my iTunes activity is done on a MacBook Pro, an iPod Touch, and occasionally ATV, so leave the "it musta been moron Windoze users" nonsense out of it as well. Stop being apologists for a company that has hoards of cash and could make sure none of this happens so often.
 
If it was hacked, Apple would never admit to it. Too damaging to consumers and content providers. Apple will remain silent or just lie.
 
Lost password/forgot email authentication challenges are usually easier to break than the password. Especially for sites that let you reset a complex password after you answer a question whose answer can be easily guessed.
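The two arguments above, that length beats symbol "complexity" and that a guessable reset question undoes a strong password, both come down to the size of the search space an attacker has to cover. As an added worked example (not from any poster, and not tied to any real site's policy), the following computes bits of entropy for the policies the thread argues about, converts them to exhaustive-search time at an assumed guess rate, and shows how a recovery question drawn from a small answer list becomes the weakest link. The guess rate, alphabet sizes and answer-list size are assumptions for illustration.

```python
"""Constructed example: search-space arithmetic for password length vs. symbol set,
and for a password-reset question, so the two can be compared in the same units."""
import math

LOWER = 26        # a-z
ALNUM = 62        # a-z, A-Z, 0-9
PRINTABLE = 94    # printable ASCII minus space
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def search_space_bits(length: int, alphabet_size: int) -> float:
    """Entropy in bits of a uniformly random password of `length` symbols.
    Each symbol contributes log2(alphabet_size) bits, so length multiplies, symbols only add."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Years to try every candidate at a given rate (an assumed offline-cracking rate,
    i.e. the worst case where the attacker holds the hash and is not throttled)."""
    return (2 ** bits) / guesses_per_second / SECONDS_PER_YEAR


def compare_policies() -> dict:
    """Bits for the policies discussed in the thread: 8-12 char site limits,
    symbols or not, versus a long lowercase-only password."""
    policies = {
        "8 alphanumeric (site limit, no symbols)": (8, ALNUM),
        "8 with symbols": (8, PRINTABLE),
        "12 alphanumeric": (12, ALNUM),
        "20 lowercase letters only": (20, LOWER),
        "20 alphanumeric with symbols": (20, PRINTABLE),
    }
    return {name: round(search_space_bits(n, a), 1) for name, (n, a) in policies.items()}


def recovery_question_bits(candidate_answers: int) -> float:
    """A reset question whose answer is one of N plausible values (pet names, cities,
    birth years) is worth log2(N) bits, whatever the password behind it is worth."""
    return math.log2(candidate_answers)


def weakest_link_bits(password_bits: float, question_bits: float) -> float:
    """The account is only as strong as the cheaper of the two ways in."""
    return min(password_bits, question_bits)


if __name__ == "__main__":
    rate = 1e10  # assumed guesses per second; pick your own
    for name, bits in compare_policies().items():
        print(f"{name:42s} {bits:6.1f} bits  ~{years_to_exhaust(bits, rate):.3g} years")
    q = recovery_question_bits(1024)  # assume ~1000 plausible answers
    print(f"20-char lowercase password behind a 1024-answer reset question: "
          f"{weakest_link_bits(search_space_bits(20, LOWER), q):.1f} bits effective")
```

At the assumed rate, an 8-character alphanumeric password is exhausted in well under a year and 20 lowercase letters (about 94 bits) take billions of years, while 8 characters with every symbol allowed only reaches about 52 bits. The reset question is the striking line: a 10-bit answer space makes the 94-bit password irrelevant, which is the point of the post above. The remedy on the account-holder side is the one already given in the thread, a recovery answer as random as the password (a password manager stores it just as easily).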
 
Funny

That's funny. I just got my iPad the other day and hooked it up and went to the books section to see what was there, and all I saw were these crappy Vietnamese books everywhere. I was thinking "what the hell?"

Despite being a fan of the culture, having been there, and currently reading Vietnamese folktales, I didn't buy any of them. They all looked like Manga cartoons or something, and I'm afraid I'm not quite that geeky.
 