On Sunday we reported details of how one specific app developer had managed to hack iTunes users’ accounts and use them to purchase his own apps – making it to the top of the iTunes charts.
As the story has developed, the problem has proven far more serious than initially thought. It is not just that one particular developer and his apps: the Apple App Store is filled with App Farms being used to steal.
This post will give a complete rundown of what we know and will continue to be updated as we learn further details.
- A number of iTunes accounts have been hacked from across the globe, not just the US, and used to purchase apps.
- The app developer that began this entire investigation has now had their account (and apps) removed, but we’ve discovered a number of other developer accounts with very similar, if not more “innovative”, approaches to stealing users’ money. The Apple App Store is filled with App Farms being used to steal.
- iTunes users have reported anywhere between $100-$1400 spent using their accounts.
- The trend: buy a couple of low cost apps ($1-$3) and then one app at an extortionate price ($90+).
- We’ve also seen reports of a free app being bought and in-app purchases then being used to effectively send money to the app developer’s accounts. Details here; the app is called World War.
- Apple’s only response so far has been to ask users to change their password. We have also contacted Apple and are awaiting a response.
- Many of the apps have been purchased to specifically climb up the iTunes ranking to gain momentum in the hope that others will purchase the apps based on their high sales.
- Currently all the apps purchased have been owned by Asia-based developers with little information known about them. Clearly they feel being based in Asia will give them immunity to any US laws.
- This seems to have been happening over the course of the last 4 weeks, although MacRumors shows hacking on some level dating back to 2009.
- The app developers are using images from the web as their app icons.
- The developers’ website and support links direct users to non-existent websites or landing pages.
- The initial rogue developers have now been removed from the App Store, but other unethical developers still have their accounts available in the App Store – details on those to come.
- Apple has released a statement about the matter here.
- Apple now says 400 accounts were impacted; we don’t believe it.
- Apple posts job listing for a Fraud Prevention Specialist.
more to follow.
What you should do
- Check your previous iTunes purchases. If you spot anything you haven’t personally purchased, contact Apple and your bank to try to prevent any iTunes purchases from clearing.
- Get in contact with Apple.
or the website “Get Human” lists this for Apple: 800-275-2273
To talk to a real person: press 0 at each prompt, ignoring messages.
- Change your iTunes password.
- Remove your iTunes card details and consider using gift cards where possible.
more to follow.