Apple: iTunes 'hack' is no big deal

Only a miniscule percent of iTunes users were affected, Apple says, noting that its iTunes servers were not compromised

News of hacked iTunes user accounts made headlines earlier this week, but it turns out only a very small fraction of users were affected. Apple says just 400 user accounts were compromised over the weekend, which equals to around 0.0003 percent of the over 150 million iTunes account holders.

Reports emerged on Sunday that a Vietnamese developer called Thuat Nguyen gamed the App Store ratings in the Books category, by purchasing his own apps using hacked iTunes accounts. At one point, the developer's apps occupied 42 of the top 50 apps sold in the Books section, and users reported purchases of up to US$500 with their accounts.

Nguyen's apps had been removed from the App Store late as of Sunday, because he "violat[ed] the developer Program License Agreement, including fraudulent purchase patterns," Apple said. The company also claims that its iTunes servers were not compromised in any way.

When short, insecure passwords for iTunes accounts are used, users leave themselves open to hackers guessing their credentials. Compromised accounts are also nothing new: on the forums of the MacRumors site, there are dozens of replies in threads dating back from 2008 reporting such problems.

Following this incident, Apple will ask more frequently for your CCV number from your card (last three digits from the number at the back of the card), which is supposed to prove that the card in is the possession of the person making the purchase.

Developer suspicious of Apple's claims

Alex Brie, one of the developers who first reported the App Store problems with the Vietnamese developer, is suspicious of Apple's claims. After his calculations, Nguyen would have needed at least 3,000 hacked iTunes accounts to reach the ranking he had on Sunday in the App Store.

Brie, who also develops iPhone books apps, was affected by Nguyen's gaming of the App Store ratings. Despite Apple's claims, he speculates that to achieve such high ratings for his apps, Nguyen had to hack into Apple's iTunes servers and skip the normal security steps, or run an automated scripted program.

One final question

Apple is well known for its draconian App Store approval process, so there are questions over how Thuat Nguyen's apps got approved in the first place. The developer links for these apps led to a parked (inexistent) domain, and according to one report, they even featured copyrighted material.

Tags hackersAppleInternet-based applications and servicesMusic and audiointernetiphone appsiTunes

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Daniel Ionescu

PC World (US online)

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?