Update: Apple has issued a press release about the matter but has not added any mention to the apps listed below.
As the story of of iTunes accounts being hacked continues to develop, we’ve come across a number of what we would call “App Farms” in iTunes being used to scam users out of their money.
Despite a claim that we’re exaggerating the gravity of the entire situation, let’s show you a few examples of these app farms and you can judge for yourself.
1. The Company/Thuat Nguyen begun our investigation. It’s responsible for 42 apps, 41 of which are book apps, all in the top 50 best selling apps in the books category. This app developer hacked iTunes user accounts and purchased their own apps using those accounts. (Update: This app developer has now had all his apps removed)
![iTunes 642x450 500x350 Apples app store, filled with App farms being used to steal. [Examples]](http://cdn.thenextweb.com/files/2010/07/iTunes-642x450-500x350.jpg "iTunes 642x450 500x350 photo")
2. Charismaist (iTunes Link). With only three apps in the app store, Charismaist can hardly be considered a farm but we’ve already received 4 reports of charges up to $600 for the purchases of this developer’s apps.
One reader says:
“Someone has downloaded 8 apps and two songs totalling £61.70. The most expensive being an app called All Match by Charismaist for £54.99! The other apps seem to be based on photographer like Camera One, Night Shot, Camera Flash Ultra. Surely Apple won’t pay out to these developers.”
and another,
“My iTunes account was also hacked in the last week or so and I was billed £140. iTunes customer support was less than supportive and it took my bank getting involved, my card being cancelled and reissued and 2 changes of passwords to get is sorted. The apps that Jamie Vickery mentioned were bought using my account too.”
Comments on iTunes about one of the apps can be found below:
![Picture 1061 500x143 Apples app store, filled with App farms being used to steal. [Examples]](http://cdn.thenextweb.com/files/2010/07/Picture-1061-500x143.png "Picture 1061 500x143 photo")
![Picture 1062 500x505 Apples app store, filled with App farms being used to steal. [Examples]](http://cdn.thenextweb.com/files/2010/07/Picture-1062-500x505.png "Picture 1062 500x505 photo")
3. Wishii Network. Similar to the first example, Wishii Networks apps completely dominate the top travel iPad apps list with 29 out of 50 apps in the Travel category of apps store, this time on the iPad.
We’ve now receive 3 reports from people who have spotted these apps in their billing history but considering this is the US itunes app store and each of the apps requires payment to climb up the chart – there’s bound to be many more.
![Picture 1069 500x528 Apples app store, filled with App farms being used to steal. [Examples]](http://cdn.thenextweb.com/files/2010/07/Picture-1069-500x528.png "Picture 1069 500x528 photo")
![Picture 1065 Apples app store, filled with App farms being used to steal. [Examples]](http://cdn.thenextweb.com/files/2010/07/Picture-1065.png "Picture 1065 photo")
4. Storm 8 (itunes link). Check out the screenshot below. An app developer with 45 Games, many are clones that only differ by the number of “points” they offer. The quality of Storm 8′s games are definitely above any of the other scammy apps listed above, the company has been around a year and has a strong following however there is something very suspicious about the pricing for various in-game purchases of points. The developer hands out its games for free (or very little) and then uses the in-game points purchases to make its money, often charging up to $150 for in-game points purchased. You can see the cost of some of the point s purchases to the right.
One report we received:
“Our account was hacked just over a week ago. We’re still waiting on our bank to finish its ‘investigation’ to get our money back. Unlike what others have reported, we were taken for over $1400.00 on what looks like in-game credits for some game called World War at $160 a transaction and some music. Again, Apple did nothing to help but give the password reset advice and removing of the credit card info.”
The company has sent over a statement saying:
“Most of our games have been on the App Store for over a year. Our games are free to download and play. Like many apps from iTunes, we offer certain virtual goods (like Honor Points) for sale through In-App Purchase. They are an optional part of the game, and serve to enhance various aspects of user experience and game play. In no case do users have to buy points to use our free applications.
We have replied to the comment of the user which you quoted in this post. We do not hack into anyone’s account and we do not use anyone’s account to make purchases.”
![Picture 1064 500x404 Apples app store, filled with App farms being used to steal. [Examples]](http://cdn.thenextweb.com/files/2010/07/Picture-1064-500x404.png "Picture 1064 500x404 photo")
Other Examples
There are other App Farms we know of, but no reports of whether or not they have been used for unethical purposes. One example is Brighthouse Labs with 4568 Apps, all virtually worthless.
![Picture 1066 499x364 Apples app store, filled with App farms being used to steal. [Examples]](http://cdn.thenextweb.com/files/2010/07/Picture-1066-499x364.png "Picture 1066 499x364 photo")
As I’ve said before, clearly when one developer completely dominates the ranking in a particular category, other app developers suffer but when it happens by means of hacking end users accounts – it’s a serious concern that leaves everyone involved suffering. Developers don’t get the recognition they deserve, users are robbed and left with a poor user experience, while Apple is left with a tarnished brand and a lot of explaining to do.
Why does Apple not have mechanisms in place to detect when previously unpopular apps from the same developer flood the top rankings?
When some apps are left waiting weeks for approval, only to be rejected by Apple for minor objections, how does a company with no website, no description and apps that are literally swarming iTunes escape punishment? More importantly, how has someone managed to hack users’ accounts and left many, we can only assume, unaware they’ve been robbed?
More to follow. If you know of any other companies with similar set-ups on iTunes, do please let us know.
uh zee, you need a better term than “app farms” it makes it sound like the app is doing the stealing… something like purchase farms instead maybe…
the thing is, it happens every day, and the poor slob who get’s his password stolen always blames it on: “itunes must have been compromised” when in fact it is their password that was stolen on their insecure PC,
there is a thread that dates back to jan 2008 on macRumors of people saying the same thing, “my itunes account just got hacked” in reality their PC got hacked and they got their password stolen…
this weekend is not different except some hacker saved up a weeks worth, (like 30 accounts) and let them all lose during a holiday weekend, in hopes people were out of town…
so in otherwords your advise would apply every week, something like 30 accounts get taken over every week, from people with stupid passwords, and keyloggers on PC’s and such..
what’s Apple supposed to do? tell everyone to get a Mac?
hey,
The app is doing the stealing.
and
i’ve seen the mac rumors thread, i’ve read it all and there are unquestionably far more reports of late than before not just on there but elsewhere.
finally, i’m not sure how you can look at the examples above and tell me there isn’t unethical – even illegal – activity going on. Take a look at the Wishii network one for example or Charismaist…
——- The app is doing the stealing. ————
really? that people willingly download the apps? and then bad things happen after the download?
you’ve seen the mac thread form 3 years ago? how exactly do the complaints back then differ from the ones today?
and I am not sure you read my post correclty? i never said it wasn’t unethical? i said it happens all the time… the only thing different, (actually this isn’t different either) is someone waited for a holiday weekend (in the US) to use his 30 or so compromised accounts… is that me saying that this is perfectly ethical?
of course it is illegal, stealing someone’s password and then stealing money with the credit card is illegal…
i’m not sure how you think the app is doing the stealing though? the person is simply using the compromised accounts to buy his own app… many times over, so that it naturally floats to the top….
these things really are “purchase farms” and they’ve happened in the past… i remember Apple taking down ones before…
“really? that people willingly download the apps? and then bad things happen after the download?”
no, the app owners are hacking the users accounts and purchasing their own apps.
It seems you understand that because you say “i’m not sure how you think the app is doing the stealing though? the person is simply using the compromised accounts to buy his own app… many times over, so that it naturally floats to the top….”
How is that not stealing? Where does the money go?
———-
no, the app owners are hacking the users accounts and purchasing their own apps.
————-
correct, the app itself does not steal people’s passwords by being downloaded…
you said that the “The app is doing the stealing”…. it is not, it is not some well engineered password stealer… it is just an app, it doesn’t steal…
the passwords were stolen long before the app was downloaded.
The app does do the stealing in a way. Free apps are downloaded then loaded up with in-app purchases that Apple cannot touch.
It’s called a trojan. And you’ve just shown why mac users are the most ignorant computer users after octogenarians, because only a total noob wouldn’t no that.
Mac security is a joke and this experience up-ends the entire “the app-store ensures that only high quality apps get through” argument.
Apple needs to start taking security more seriously than “we aren’t popular enough to get targeted.” It’s based on FreeBSD, it’s time to lock it down like FreeBSD and/or Linux.
er, ‘know’, not ‘no’, but my point stands. Only a fool would defend a trojan as the “users” fault.
There is nothing saying there was a trojan. If someone’s account password is stolen by a shady developer, they are most likely doing the in app purchases themselves.
“we were taken for over $1400.00 on what looks like in-game credits for some game called World War at $160 a transaction and some music”
It certainly looks like these users did not download the World War game (or the music). Without installing the app, how did they get this presumed trojan?
From the description of activities, it seems more of a Man in the Middle. Some kind of DNS poissoning, or a more subtle attack against apple internals. Of course you can use a trojan to induce locally the DNS poissoning. I remember some connectivity problems to apple.com (needing to reload a lot, the webpages, not only iTunes) recently.
Given the way it has surfaced, I’d tell that the original attackers have already sold the knowledge to script kiddies.
Name one virus for Mac?
Otherwise you are just talking rubbish.
Btw the this article and the purported replies from readers must be taken with a ton of salt. Pure fabrications from very imaginative fanbois.
Mark, I understand your geek disdain towards Apple, but its actually more than just an Apple problem. If you think security is laxed with Apple, how much more secure are Blackberry Apps from its App store? or Androids? or WebOS? Are those users ignorant as well? This is an industry wide problem that will only get worse before it gets better. Devs can put just anything in an app on any platform and they need the apps need to be checked.
The actual problem is that (if you’d take your Apple hating glasses off) Apple owns the App STORE. So people expect it to be safe. As did people in the Android store until a banking phishing scam appeared. What’s at hand is will/can these App stores including all others increase their DUE DILIGENCE and ensure these apps are not malicious. Or will they take on a more traditional model like on the PC and allow third party apps to be sold directly from the vendors which would off load a lot of security responsibility from the smartphone OS maker and put it more on the users and App developers.
I know a lot of the geeks hate Apple’s policies, but incidences like these shows why ALL of these smartphone App stores have to scrutinize Apps very very hard.
————
. Only a fool would defend a trojan as the “users” fault.
—————–
Only a fool, would suggest that a Trojan isn’t a user’s fault..
the Gates of Troy were perfectly safe, it was the “people/user” who opened the gate you moron… geesh..
and again, the malware IS ON THE PC, not itunes… you people.. also it can be done with phishing scams, and just plain stupid passwords…
this “developer” probably didn’t even do the phishing, most likely he went the very well known Black market in asia’s internet, and bought the 30 or so iTunes passwords for like $3.50 each….
guess where the Black market gets it’s iTunes passwords and accounts? from dumb a** PC users with malware on their computer… and every one of them will blame it on someone else… at least the people of Troy knew exactly what happened.
———-
it seems more of a Man in the Middle. Some kind of DNS poissoning
————-
then you’d be stupid, sorry to be blunt, but you are… mostly because you’d actually post such nonsense as to what is happening here.
and for the guy who discovered the term “trojan” in the above post, then brought it to us as a find… uhhh, is that a big word for you??… complex? or are you just proud of it?
If there was a trojan, it was on a PC and not on a Mac (at least for now). Remember, iTunes is ubiquitous on PCs these days…not just Macs.
We (Storm8) have replied to the comment of the user which you quoted in this post. We do not hack into anyone’s account and we do not use anyone’s account to make purchases. If you have more questions, please email support@storm8.com.
If you don’t hack into someone’s account, then you must be anxious to find out who is doing this to clear your name. I don’t download apps, I don’t play games on computer, yet on July 5th 2010 I received 9 itune receipts for worldwar v2.0 and 1 for world war. I know the password was from itunes because it was the only thing hit, yet every purchase is your product. Explain that.
———
Explain that.
————-
i don’t know the game, but did you think maybe someone actually wants to play the game? and is a bad guy, so he buys a stolen itunes account on the black market so that he can play the game?
what is hard to believe about that? i’m not saying that this game is great, i don’t know anything about it, but you asked for something that could explain that.
The fact that we now have all kinds of fake companies that offer more than 5000 worthless apps with the sole intent of getting rich by semi-legal or illegal means is a big concern!
You can’t just write this one off by saying that people should just protect their passwords better.
Also, there should be a refund policy by Apple. Compare it to buying something on eBay using Paypal: if for some reason the sale is illegit, Paypal refunds the money. This is a way to earn the consumer’s trust.
————————
The fact that we now have all kinds of fake companies that offer more than 5000 worthless apps with the sole intent of getting rich by semi-legal or illegal means is a big concern!
————————
uuuuhhhh, lets see, you are claiming what now? that you are the discerner of what is a “worthless” app or not? Apple should hire you.
it is not Apple’s job to keep junk books out of the app store, if you don’t want a junk book, don’t buy it… to claim that someone is getting rich by putting junk out, is just stupid on your part… people do not buy “junk” enough to get someone rich.
now, IF PASSWORDS WERE SECURE, instead, but you argue against this… you argue that you can distinguish junk by pointing out 5000 apps, great, and now we have discovered the messiah of deliverance from Junk… just what we need… instead of deciding for ourselves… thank you from relieving me of that arduous task.
NO ONE is getting rich off of selling junk, there are people making some money stealing though… but you suggested that we not have to secure our passwords, great… thanks for … that….
instead all Apple has to do is … ta duh… not allow “junk” books on the app store….
great, and should we have you in charge of what is “junk” or not?
>great, and should we have you in charge of what is “junk” or not?
No, that’s Apple’s job. At least that’s what they claim. The point is that they’re horrible at their job, their idea of “junk” being Google Voice, tethering, wifi hotspot…you know, apps that actually enhance people’s lives. Instead you get 200,000 “All-time [insert city] [insert sport] roster” and “20 honor points in Ninjaville” apps that purchase themselves.
———-
No, that’s Apple’s job. At least that’s what they claim
——————-
again, i am going to have to repeat myself, as someone said of me… you are a moron, Apple does not police the app store for Junk period… they police the app store for apps that crash Apps that don’t do what they say, and many other things, like trying to do illegit things..
if you can’t bring yourself to understand this simple fact, then you have no real clue about anything close to the subject, it is clearly written in the developer guide lines what can be posted on the App store, and not once is it mentioned that “junk” books or Junk anything can not be posted on the App store.
Google Voice wasn’t junk; it provided a bad experience in the background. iOS 4 added a bunch of APIs to make it better. Has Google adapted the new APIs and resubmitted? No. They’d rather whine about the 3.1 rejection and pretend Apple didn’t add a bunch of APIs just for them.
Tethering broke the agreement users signed with AT&T. It’s worth noting that tethering is supported outside of the US without an application. In fact, now it’s supported in the US too. You just need to talk to AT&T about it, rather than trying to dodge them.
I don’t know if the hardware can actually do a wifi hotspot. Can it?
So what’s your next example? More bullshit?
I don’t think this is an app thing really. In the past year, I have ordered minimal music and 6 episodes of a particular tv show from itunes and that is all. I was hit for 10 copies of WorldWar v2.0 from Storm LLC on July 5. I didn’t even know what it was.
——————————————
to claim that someone is getting rich by putting junk out, is just stupid on your part… people do not buy “junk” enough to get someone rich.
——————————————
Uhh, can anyone say Pet Rock? You’re probably too young to even know what that is, but look it up. Millions of people paid $5 for a rock that was branded as a “Pet” back in the 70s. You can’t get any closer to “getting rich off of junk” than that. Also, snake oil salesmen from the early 20th century, make your dick bigger pills, 7 second abs, lose weight by doing nothing but eating COOKIES (Hollywood Cookie Diet) for Christ’s sake!?! C’mon, man. Wake up. People have been buying garbage for centuries and making people rich who didn’t deserve it. Remember the Dot Com boom? I saw lots of instant millionaires who made money off of stock options from companies that never turned a profit and had a “product” that didn’t exist. You’re a tool if you believe otherwise.
Also, you need to pull the cob and get off your anti-PC rant. Someone even posted that they don’t own a PC and still got hit by this scam. Actually comprehend what people are writing and responding to your inane rants. Fraud is happening IN THE APP for some people. Just the fact that it has been downloaded and instantiated ONCE means that an in app purchase can happen without authorization.
I believe a lot of this problem probably is socially engineered, which means the compromise happened ONLINE, not on a particular OS, Mac, PC or otherwise. The fact of the matter is many of these people probably have accounts on Facebook or some other social networking site and got nailed by an unscrupulous viral app that took their personal information and allowed someone to figure out their iTunes password.
If you really believe that the Mac is so much more secure than a PC and that trojans and phishing can only occur on a PC, then you are the perfect target for these hackers. It may not happen right away, but at some point you’re arrogance and hubris in assuming you’re on a secure platform will get you in the end, and then your tune will change dramatically when it’s YOU that has to spend the weeks and months fighting banks to get your money back because of fraud.
Apple has tipped the scale in terms of adoption, and the hackers ALWAYS go where the volume is because that’s where quick money can be made. Now that the curtain has been pulled back and people are finally starting to realize that the Wizard they so revered is nothing more than a shadow as vulnerable and frail as the rest of us, I would hope that Mac users in general get a healthy respect for how completely exposed they really are now that their beloved institution is finally within the crosshairs of the hacker community. Microsoft execs must be sitting back with a snicker on their faces right about now thinking “been there, done that” and smiling that all knowing smile as they sarcastically send their greeting to Apple to “Welcome to the Club!”
Funny, my account got hacked too and I only use Mac. I even tried to get anti virus software last year and was told I don’t need it. Thanks apple, after I get my 160$ back I’ll owe you one.
Hey Jim, since you have a Mac, any you know how easy it is to take a screen shot, and how easy it is to post that shot with your mobileMe, why not shoot us a link to screen shot of your Itunes “purchased” area, blank out any sensitive info in iPhoto with the bandage… and include enough of the screen to show it is a mac, and that it is you…. and about $160 of the intrepid purchases…
this ought to be good… :0)
Most of the Storm8 apps have been in the iPhone App store for over a year now. I thought it was strange when I first saw the apps that look and play exactly like their facebook versions
——————-
Most of the Storm8 apps have been in the iPhone App store for over a year now.
———————
there is the other way of stealing, you basically get a hacked itunes account by a user who has an insecure PC..
he sells it to someone and that person really likes “world war” app or something like that… so they simply buy a whole bunch of in app credit with the stolen credit card so they can play that game….
there are other ways of using compromised iTunes accounts… not just “purchase farms”.
did the app steal? or did someone steal an itunes account password on someone’s insecure PC? and/or have a really stupid password….
again this has been happening for 3 years….
like 30 accounts a week out of 100 million…. really there are that many people who have PC’s and are lazy enough to download malware… (well having a PC is pretty much asking for it)
30 accounts is a lot per week but there are a lot of “challenged PC” users out there…. the phishing scams aren’t proliferating because everyone is smart.
I have no idea why Storm8 still exists, they were in the news a while back cause they collected phone numbers using these free apps without the user knowing it. Apple did nothing about it. I removed all Storm8 apps then.
http://technorati.com/entertainment/gaming/article/lawsuit-lodged-against-iphone-game-developer/
@thenextweb … if you log into this site using twitter and allow access to post, this site becomes completely unaccessable through the same web browser even after permisssion is revoked.
Having had my account compromised myself, I don’t think NTW or Zee are blowing this out of proportion. This is a real threat, one which if not dealt with quickly, could see thousands of iTunes users in a sticky situation this week.
Here’s hoping Apple give us a public response soon. Keep up the good work guys.
We’re also reporting on today’s events over at:
http://www.razorianfly.com/2010/07/04/warning-itunes-accounts-are-being-compromised-worldwide/
—————-
Here’s hoping Apple give us a public response soon. Keep up the good work guys.
——————
well then Apple will have to give a “public response” every day, as you said yourself, your account was hacked… (but failed to give us any detail of it… what a surprise, not a single one has said, hey i found a keylogger, or hey, i had a stupid easy password) and they usually follow that with “itunes must have been hacked” instead of “my account’s password was stolen”….
literally accounts are hacked everyday from PC users who have insecure PC’s… after all there are 100 million users… obviously there are a few less than “smart” users out there…. and when you get 100 million users (including PC users) you are going to get a few…
what is Apple supposed to do? Every day come out with a “Public response” saying hey get a Mac.. your PC’s suck. and stop losing your passwords to hackers and phishers you dumb a**es… so we don’t have to take down purchase farms every holiday weekend?
unfortunately we are going to get someone making up some story about how he has a Mac and a completely perfect password after i offered that up though… watch…
The biggest cause of stuff like this is people typing their usernames and passwords into a website that someone made to look official.
I think that Apple should mention to users to make sure that they only type in their passwords into the official website. i.e. look at the address bar. It’s something that we all know but you can secure a Windows of Apple PC as much as you please, but it will not prevent something like this. Sometimes people just need to be reminded to be careful.
Here’s an example of some of what happened to my account when I was hacked:
1 LiFE English – 中国人用多媒体来学英语, v1.0, Seller: Supplier Relations US, LLC. (4+)
Write a Review Report a Problem $2.99
2 Tarot 塔羅牌, v2.0, Seller: CHEUNG PUI MAN (4+)
Write a Review Report a Problem $2.99
3 Chinese Checkers | 波子棋 | 跳棋, v1.0, Seller: Chun Keung Ho (4+)
Write a Review Report a Problem $0.99
4 Xiangqi 中國象棋, v1.3, Seller: Horace Ho (4+)
Write a Review Report a Problem $0.99
5 農民斗地主 Landlord, v1.1, Seller: Chun Keung Ho (4+)
Write a Review Report a Problem $0.99
6 Angry Birds, v1.2.0, Seller: Clickgamer Technologies Ltd (4+)
Write a Review Report a Problem $0.99
7 Guerrilla Bob, v1.01, Seller: Chillingo Ltd (9+)
Write a Review Report a Problem $2.99
8 Battle of Puppets, v1.1, Seller: Small Wonders S.L. (9+)
Write a Review Report a Problem $1.99
9 The Deep, v1.0, Seller: 3G Studios, Inc. (12+)
Write a Review Report a Problem $3.99
10 Space Miner: Space Ore Bust, v1.0.1, Seller: Venan Entertainment, Inc. (9+)
Write a Review Report a Problem $1.99
11 Tehra Dark Warrior, v1.11, Seller: StormBASIC S.L. (12+)
Write a Review Report a Problem $3.99
12 中国邮编, v1.0, Seller: Leon Fan (4+)
Write a Review Report a Problem $1.99
13 家常菜:美食厨房, v1.0, Seller: Feather&Moor (Pte.) Limited (4+)
Write a Review Report a Problem $1.99
14 Art of War 孙子兵法 (中文版), v2.0, Seller: Hongwei Liu|1019594042 (4+)
Write a Review Report a Problem $1.99
15 三十六计(简+繁), v1.0, Seller: Phantombility Inc (4+)
Write a Review Report a Problem $0.99
16 《東周列國志》 《东周列国志》, v1.0, Seller: Stanley Huang (4+)
Write a Review Report a Problem $0.99
17 孫子兵法 孙子兵法 The Art of War, v1.3, Seller: Kai Yan Yuen (4+)
Write a Review Report a Problem $0.99
18 SiShuWuJing 四書五經 四书五经, v1.0.1, Seller: Chi Yung Yuen (4+)
Write a Review Report a Problem $9.99
This was just one of FOUR billings that hit my account with an hour… it took that much time to get my accounts locked down and keep whoever hacked my account from billing it even worse.
Trust me, it does happen and it’s been happening a lot more than people are willing to admit.
Are you on a Mac or PC? How was your password compromised?
sure enough there are those fake “i’m on a Mac” posts showing up… right on que too……
Gawd, you really are a hopeless mac fanboy. Macs practice “security by obscurity”, a common mistake of amatuer security schemes. It really is pathetic to excuse your fanboy company’s piss poor excuses, especially since Apple has practically ensured legal liability by claiming to exercise editorial oversight of the application approval process.
you poor, ignorant fanboy. macs get malware. macs get viruses. why do you think AV software exists for the mac? for show?
got one on the line,
dumb a** :0)
now anti-fan…dude… go find a single Mac OSX “virus”… just one to prove your point… show us the goods…..
after you get frustrated after a few days, show us the 100s of thousands of PC viruses, that should only take a few mins…
Aside from the fact that the very first virus to affect home users was a virus for the Apple Macintosh in 1982…
A more modern example is http://www.scmagazineus.com/Trojan-targets-Mac-
users/article/58290/?source=PSGL1SCM1001&gclid
——–Zee are blowing this out of proportion. This is a real threat ———
geez, i’m not saying Zee is blowing it out of proportion, i’m saying it happens ALL THE TIME…. that is all…. people have been saying “my iTunes account has been hacked” literally for 3 years…. how is that not proof that it “happens all the time”?
It’s not just about iTunes accounts being hacked or not. It’s about the App Store policies which continue to fail delivering quality and trustworthy content.
This is the sole reason that the App Store Approval system was put in place by Apple, and apparently they can’t make it work.
Apple can fend off innocent little apps by indie developers because they contain a bikini photo, but these big time scam artists are allowed into the store.
————
App Store Approval system was put in place by Apple, and apparently they can’t make it work.
——————
well then you don’t know what you are talking about, the App store Approval process is to keep out apps that crash, and a number of other reasons, but it is not there to keep out “junk”… these apps are nothing more than junk books… Apple is not there to decide if a Book is junk…. PERIOD, you are so far in left field i’m not sure you can even see the field…
the App, is not doing anything to harm, it does not steal, it only gets purchased PERIOD… what is apple supposed to do, put in a policy that apps can not get purchased you dolt????
there is nothing going on except some bad guy bought a bunch of stolen iTunes accounts from the black market that has been going on for years… and started buying his own apps… THAT IS IT…. PERIOD….
there are other ways to do this, like buy credit inside an app, and people actually buy stolen iTunes passwords to buy legit games… that is also a FACT… LOOK IT UP…..
how exactly do you want Apple to respond to that practice? tell people to get a mac, so the dumb a** PC people don’t get their password stolen every other day?
http://www.dslreports.com/forum/r24387156-iTunes-accts-hacked
see this thread that sounds all to familiar, but notice the date….
the thing is… you could find thousands of these type of posts.. you can find them for any year and any month….
LOL, I see macfans showing here already to defend apple. You see the difference is, when a pc user gets any type of malware mac users claim it’s due to MS. Therefore you should buy a mac despite their numerous disadvantages. But when anything relating to apple, mac, osx, or apples websites etc get hacked, then it’s suddenly someone else s fault. In other words MS takes blame for ALL types of problems, where Mac usually won’t even admit there are weaknesses. example, They usually love to blame the plug ins, like adobe etc for everything from bugs, safari crashes, problems, or even a security hole. But it’s never apple, LOL. And it never will be. But if osx were so tight, they’d have nothing to worry about. Apple would have never recommended mac users using antivirus even though they retracted that in embarrassment months back. In reality, NO system can be that tight, even though apple pretends it is. The problem is that Apple presents an image of great security even if it’s a false security. That’s what their image is about even though it’s based on obscurity instead of robust coding practices. This image transcends to their entire brand name which includes their phones, music players and their itunes store.. IT’s the image!
Now in this case, it’s the security of itunes user accounts being compromised. And Hey, so what? Anything can be hacked or stolen is what I say. Someone probably just found a weakness and a way to steal the customers information. I’d be like So what? IT happens. But you watch what apple fans will do. It’s one word, called DENIAL. And had this happened to a microsoft Zune, what would happen? They’d claim it was due to it being made by microsoft. It doesn’t matter if it’s simply compromised accounts or how it happened. It’s just what they’d do. And in some cases they will simply find a way to even blame windows, yes, again. Look at comment #1 (honkj) and you will see this very type of destructive, naive behavior going on… Even if it were true in this case, they act as if there is no way a user on a mac could have their itunes account compromised. Notice that? IT’s a delusion among some of the mac users really.. But no matter what platform they ran, the weakness is in Apple’s security that deals with accounts in the first place. And look at the ignorance as they state a reason is “stupid passwords” as if a stupid password is death if using a pc, but on an imac would save them from being compromised. Or as if it’s not possible for a kiddie to download software on a mac that promised him something. So then he okays it, and this software logs his passwords. No OS can protect those from what they give the OK to. But again, this is nothing other than denial when mac users start excusing weak security practices that had nothing to do with say a rampant virus. And there you have the mac way of life, being mislead my “Im a Mac” commercials.
Again, fact is, nothing that is designed or developed by Apple can be impervious to exploits, attacks etc.. If it uses an online store, it too can be compromised one way or another. And since the app writer is also directly trying to steal accounts or whatever, it seems like it’s the source. So why bring up “get a mac” bull? And for those who want to attack me,
my post is made because of the typical naive response of apple fans in the first place.
and to answer the OP of the article about how do they escape punishment. It’s simple as you’ve eluded. They’ve gotten around Apple’s system in a direct way by messing with accounts. As I’m sure Apple, if they knew, would not want this happening.
thank you for articulating what i’ve been trying to say for months!
working?
And as for this place-the-blame-elsewhere attitude, there are plenty of articles about security holes that effect not only
itunes, or iphones, but imacs, osx etc. And there are ones that attack itunes software written of course by Apple that are
not operating system dependent. That is they can attack users on a mac. I could list quite a few pages on this, but don’t
want to fill the internet…
http://www.silicon.com/technology/networks/2005/11/18/itunes-security-hole-discovered-39154382/
http://news.cnet.com/8301-27080_3-10304342-245.html
http://voices.washingtonpost.com/securityfix/2008/06/serious_security_vulnerabilty_1.html
And as for this place-the-blame-elsewhere attitude, there are plenty of articles about security holes that effect not only itunes, or iphones, but imacs, osx etc. And there are ones that attack itunes software written of course by Apple that are not operating system dependent. That is they can attack users on a mac. I could list quite a few pages on this, but don’t want to fill the internet…
and I tried to post about 10 links, but this comment thing wouldn’t allow it. So google itunes security hole. But here’s just one article from a few years back. Too bad the other 9 are not here yet. Maybe later. But the point is that ALL OS’ are affected, including OSX.
==============
NEWS
A critical vulnerability has been found in some versions of Apple’s popular iTunes that could allow attackers to remotely take over a user’s computer, according to a warning issued on Thursday by a security research firm.
The discovery of this latest flaw comes days after Apple issued its iTunes 6 for Windows security update.
The latest iTunes flaw, however, runs on all operating systems from Windows XP to Mac OS X, according to a security warning issued by eEye Digital Security.
This flaw allows malicious hackers to launch arbitrary code remotely, which in turn can take control of a user’s computer.
Although an Apple spokesman was not immediately available for comment, the company has a policy of not discussing or confirming security issues until it has conducted an investigation and issued any needed patches, according to Apple’s posting on its site. eEye, meanwhile, does not provide extensive details on the flaws it finds until a vendor releases a patch to resolve the security flaw.
When Apple released its iTunes 6 for Windows security patch earlier this week, it was designed to prevent the wrong helper application from launching. The helper program searches multiple system paths to figure out which program to run but the flaw could allow an attacker to create a way for an alternate program to be initiated by iTunes.
Dawn Kawamoto writes for CNET News.com
What’s scary about that is that if a news source didn’t uncover that hole, we would never know until a patch was released:
“the company has a policy of not discussing or confirming security issues until it has conducted an investigation and issued any needed patches”
I’ve just barely started using iTunes on my PC and I’m seriously thinking of switching back to VLC.
What’s scary about that? Microsoft does the same thing. Even most Linux distributions have a secure mechanism where they report and discuss security issues, only making them public after it has been fixed.
————–
The discovery of this latest flaw comes days after Apple issued its iTunes 6 for Windows security update
—————-
you dumb a** that is for a Windows PC…AGAIN……. geez… iTunes had to shape up for a Windows PC, that is for sure….
security firms talking about “coulda, woulda shoulda” but all you could come up with was that… really?… catch a clue…
“The latest iTunes flaw, however, runs on all operating systems from Windows XP to Mac OS X, according to a security warning issued by eEye Digital Security.”
Try again.
Looks like the Japanese store has been hit, too. I checked under the travel section, and there’s an amazing flotilla of look-alike language dictionaries, which were all released today and yet are among the top sellers.
Needless to say, my password has been changed.
In the context of this article, Zee correctly used “App Farms”, there are a plethora of worthless apps by the same developers that appear to be there for disingenuous purposes. Something that needs to be investigated. These apps are there to “harvest” money with little to no regard to customers (no website and no customer support), further evidenced by the lack of anything redeeming with the apps themselves.
Someone has reported that a free app that they downloaded charged a large sum of money for in-app purchases without their knowledge; how is this not an issue? That is something with dangerous potential.
We can either insult the character of the victims by calling them liars, make broad assumptions that their passwords are not secure then insult their intelligence by telling them to change their passwords, or patronize them by pacifying the issue and tell them that it’s been happening for the past 3 years and is no big deal. Sounds like people are unable to get anywhere with Apple, they had to elevate it to their Banks, and go through the inconvenience of canceling credit cards.
For the record, I love Apple products, in fact; I don’t even own a PC as I use only Mac’s. But I’m not going to insult the victims blindly. Something needs to be done, and Apple should respond after they thoroughly investigate the matter. The fact that all those apps (books or whatever) suddenly disappeared, and the fact that they were there to begin with makes it an issue that demands a response from Apple.
Thank you. Couldn’t have said it better myself.
——————-
But I’m not going to insult the victims blindly
——————-
you wont do that, but you will lie in front of all of us and make up statements, such as someone said it “is no big deal”
IT IS A FACT THAT THIS HAS BEEN HAPPENING FOR over 3 years, get over yourself… that is a statement of fact, where you just lied and said i uttered “no big deal”….
stop with your BS about how noble you are, when you lie about statements like that, and make up:
“Someone has reported that a free app that they downloaded charged a large sum of money”
when in fact…. their account was taken over, and it was used to buy credits in an app… free or not…. which is what I said was also happening.
Yes I totally agree with you! We have 4 pages Terms and Conditions for our app to protect everyone’s rights and to make it crystal clear what’s it all about, but Apple are still not happy with some of the wording, and the scammers are roaming the App Store like some Mark Twain Wild West cowboys with having a support page which is absolutely obligatory … The only idea coming to mind is that the App Review Teams in the asian app stores might have “looser” policies …
It brings me so much pleasure to see people get hacked by apple weaknesses. I don’t understand why people keep praising it and dogging Microsoft. Microsoft is fair, respects privacy more than others, brings more security than most… Apple is evil, rotten, flawed security, and “buy buy buy buy buy, click to buy”, .
In the end, I rejoice at least once a week over serious apple flaws.
Just get rid of those rotten apples.
Now of course I’m being a cynic, but remember that Apple brags about the fact that, “the app store has over XXX apps?” I wonder how many it would actually have if all these were eliminated?
I can’t remember the number they’re claiming at the moment. Hence the “XXX.”
I AGREE WITH NOTASHEEP!
EVERYONETHINKS APPLE IS SOOOOOOOOOO COOL AND ALL THAT STUFF BUT THEIR NOT!!!!!!!
APPLE HAS A FALSE SECURITY THAT IS DECIEVING YOU MACFANS AND THEY SELL PRODUCTS THAT ALWAYS NEED UPDATES TO FIX
TAKE THE IPHONE 4G FOR EXAMPLE
PEOPLE WHO BOUGHT IT HATE IT BECUASE IT HAS BAD RECEPTION AND NOW TO FIX THAT APLLE IS ISSUING A SOFTWARE UP DATE TO INCREASE RECEPTION TO ALMOST A NORMAL PHONES LEVEL BY TAKING A LOTTA POWER FROM THE BATTERY, REDUCING ITS LIFE.
ITS CUSTOMER SUPPORT IS LESS THAN FRIENDLY
DO IT INDEPENDENTLY…THE WINDOWS WAY!!!
USING A MAC WILL LEAVE YOU DEPENDENT ON OTHERS ALWAYS
YOU WILL LOSE PRECIOUS COMPUTER SKILL ON A SIMPLE MAC
PCS CAN READ ALMOST ANYTHING AND YOU CONTROL EVERYTHING YOURSELF
BE IN CONTROL…DON’T BE A SHEEP AND JOIN THE BANDWAGON…
Please finish Middle School before coming back on the internet.
Windows and OS X both have security issues of their own. People should use what they want to use and not what somebody with poor grammar tells them they should use on a website.
Notice they’re all low quality CHINESE or asian crap developers? Time to add extra scrutiny to asian app developers. So far they have been behind all of these scam apps.
Unless there is more conclusive evidence given, I do not see why Storm8′s applications are listed here and it seems rather irresponisble reporting. There are many role playing games on iTunes that sell points and have different introductory apps that come preloaded with different levels of points coming with them. Storm8′s games are wildly popular if you’ve played them and they give away free points all the time.
that said.. i do think the model is stupid – that is, multiple apps preloaded with multiple points for different prices, when the games themselves offer the points for sale internally…
I thought I wold add a “me too”. Someone got into my account and purchased over $1000 in game credits at $149.99 each for a game called “Original Gangstaz”. I’ve canceled my card and filed a fraud report with the company but I have to wait till tomorrow to talk to my bank >.< Argh. It was one of the 2700 in game credit point things. The info is:
Original Gangstaz, 2700 Street Cred, Seller: Addmired, Inc
I've emailed apple and tried to get in touch with someone on the phone yesterday but they were closed for the holiday. Hope this info helps someone else :S At least I was notified the same day. I never check my itunes so I wouldn't have known till I checked my bank acct. Grr.
I got the free version of Kingdoms Live (from Storm8) and I never paid for anything. Am I still safe? So far, I haven’t seen anything suspicious in my purchase history.
We (Storm8, the developer of Kingdoms Live) do not hack into anyone’s account and we do not use anyone’s account to make purchases. If you have more questions, please email support@storm8.com.
and Storm 8, your name is being dragged through the mud by Zee here on this blog, trying to convince people you are the one doing the hacking… and throwing you in with this other developer….
liable, and defamation come to mind, especially since i pointed out to Zee that he for sure is mistaken about what is going on…. and i specifically pointed out that it was possible that you were a legit developer… ‘
Zee again, I’ve told you many times, you have mis-read the situation, yet you fail to correct the obvious…..
it is not the Apps doing the stealing… it is PC’s being hacked, and it has been going on for more than 3 years… the apps are just sitting there being bought, and i’m not just talking about this idiot developer that was buying his own app, what is going on also are people buying legit apps with stolen accounts… because… well this might be hard to believe, to actually play the apps….
in Storm 8′s case, it looks like someone wanted to play his game, and purchased a black market account, and simply loaded it up with credit for the game, so they could play until someone noticed….
yet Zee is accusing Storm 8 of being an “app farm”… even though they have been around for a year….
From the wording of Storm8, I’d say that them are legally bound to keep secret any information he could have about random strange payments in his account, as it is part of the contract between Apple and the AppProvider.
Tha fact that in November 2009 Technorati reported of a lawsuit against Storm8, makes them a ideal scapegoat. The fact that the problem has surfaced afted some months of reporting indicates that the actual criminals, knowing that apple was already tracking them, have sold the method in the black market to produce “war fog”. This is usual hacker technique: to pass the hacking tool, or the results of it, to “script kiddies” so that the authorities need to pursue a lot of false objectives.
Honkj, you need to clarify if you think that the attack was a simple phishing or a trojan. There are other techiques to put a Man In the Middle, besides the trojan. Apple’s DNS can be poissoned, or third party web services (remember that Apple subcontracts akamai) can be distrupted. I like the idea of the trojan, but the reports are multiplatform. Besides, the last week I noticed problems to access http://www.apple.com and *.apple.com nodes, coincidentally with the surge of the attacks.
I’m a developer for a similar type app (where points can be purchased), and our records show the occasional person buying $1400+ worth of points. We certainly didn’t HACK the person’s account, and have contacted Apple to make sure this isn’t some kind of fraud going on.
One user that just spent $180 mentioned in the forums that he was a CIO for a medical device company here in the US… Could be lying, or he could just be a big spender…
———-
I’m a developer for a similar type app (where points can be purchased), and our records show the occasional person buying $1400+
———-
careful, Zee here is going to accuse you of being a “hacker” :0)
Thanks for your reporting on this. It’s nuts that Apple can prevent so many apps with real value from entering the store, and at the same time let so many clearly worthless apps get approved – let alone the patterns shown by developers releasing multiple or even dozens of worthless apps. That part of it – setting the stage for the crime – is entirely Apple’s fault.
In-app purchases should require some sort of double-verify, both on the phone and via email confirm. It’s way to easy for apps to abuse that method.
Finally, loss due to insecure or stolen passwords is not something apple can prevent. But they can make reporting and retribution far easier.
Lastly – anyone who puts a debit card in iTunes is asking for it. You want a direct line to your bank account exposed to all these issues? Credit cards at least give you another line of defense, as Visa/MC/Amex generally have pretty good policies when their customers are defrauded.
Again, thanks for keeping on this story.
Actually, I think that during the last week Apple was doing a double verify of the accounts whose password had been changed in the last days. Mine was, and as a result I have been charged twice by the current month and got a charge for a buy dating two years ago (but the same day of the month, and it was the last buy I did). All of it smells to a very very tired human operator. Guess the source of his stress.
This is out and out criminal activity ,period.If this were going on anywhere else the cops would be involved. If its true, Apple can’t wash its hands of it.
Sort it out and begin investigating ,, deeply.
All purchases from the iTunes Store should result in a receipt being emailed to the account holder. If users are being scammed without their knowledge, then presumably they are not receiving email receipts for these unauthorized purchases. Apple needs to do a much better job of protecting their millions of account holders from this kind of nonsense.
I always get an email receipt after an iTunes purchase, even for “free apps”.
uhh, you mean, like what apple does already? the person who wants to buy a stolen iTunes password and account, goes in and changes the password AND EMAIL… and apple mails a receipt like they already do… and well… do you see how really … challenged… your statement is? are you sure you thought more than half a second on that solution?
again, WHAT IS APPLE SUPPOSED TO DO?…. issue a statement every day, telling people to get a Mac, so Apple Doesn’t have to deal with Dumb a** PC users who constantly get their PC’s hacked and password stolen?
this happens EVERY SINGLE DAY…..
Just an aside “Get a Mac” is not a solution if the passwords were acquired through phishing.
Two other companies that appear to be using unethical and/or illegal methods to game the iTunes Store ranking system are:
– Flytomap
– Egate (Egate IT Solutions Pvt Ltd)
For the past several months, it seems that every day to two, one or more of these companies’ numerous, cookie-cutter apps just suddenly ‘appears’ in the top 20 (or even top 10!) of the Travel section in the U.S. Store. This should be impossible, with no Apple or major media featuring and often no ratings or reviews whatsoever.
I hope Apple seriously looks into this and all other examples of gaming the ranking system.
When are people going to get it. Open source is the way to go with these type of applications.
It’s very hard to hide a trojan in an open source.
… and yet it has been done. Multiple times. Even in the Linux kernel. Your point being?
The only reason the app store is so popular with “good” developers (opposite of shady developers), is that it’s a closed system where you actually have to pay money, unlike the music industry which has totally collapsed. Read you are not a gadget by Jaron Lanier to hear it from a man with ultimate geek cred.
Thanks for sharing this! My brother had to log out in his iTunes immediately after knowing this. If not, my credit card would probably be in jeopardy as well.
Again, thanks TNW!
Stealing info is easy: the app gets the account name and pass from the unsuspecting user by mimicking the in-app purchase dialog box, or with a different scam. I wonder how Apple allows this kind of app make it to iTunes.
———– the app gets the account name ————
seriously you should be neutered before you spread like a virus… “smart challenged” used to be taken care of by nature, now we’ll have to do it our selves.
Excuse me, how was iTunes ‘hacked’ EXACTLY? Was iTunes.exe cracked? Or the itunes servers cracked. Yes or No?
No. Right, stfu about itunes being ‘hacked’.
Learn to secure your stupid pcs and what a phising scam is.
honkj,
See if you can find the fact(s) below:
a.) Everyone thinks you’re a narcissist.
b.) Has a severe case of hypertensive factoid blowhole.
c.) Exceedingly defensive regarding this whole matter.
d.) All of the above.
honkj, you’ve been saying the exact same things over and over (and hell, using the exact same insult) and its starting to get really annoying. You respond to posts when there’s a little sentence you disagree with that you can add to your first post which has been repeated twenty times over and when people do a post that kills yours like that humongous one by dontbeasheep you just ignore it. Your another Mac fanboy and until you have something new to say shut the fuck up.
—-
You respond to posts when there’s a little sentence you disagree with
————-
so responding to “little” sentences is … bad? i’m not going to repeat the whole of the post, are you offended easily? … “humongous” one? you mean the one where the idiot showed an iTunes WINDOWS FLAW, to prove his point that Macs have security flaws?
i’m supposed to responded to that without laughing? , i responded, did you not see it? i did laugh though when i read it, i’m glad i was not drinking something….
yes, i repeat myself, mainly because more than one person makes the same stupid comment… I’m not going to respond to all of them, but enough of them…
I know for a fact what has happened here, Zee, i am absolutely sure has many facts wrong… and by God i’m going to make it plain that that is what has happened, and yes, repeat myself if someone says the same stupid thing.
“How does a company with no website, no description and apps that are literally swarming iTunes escape punishment?”
an iPhone dev told me that the web url can be removed once an app has passed the approval process..
————–
an iPhone dev told me that the web url can be removed once an app has passed the approval process..
—————
this is correct, and no the developer didn’t escape “punishment” he was removed from the app store along with his app books, all of them… and he will not get paid by Apple, remember the funds run through Apple.
he was stupid, i doubt seriously that he tried to be in the top 50 ratings as Zee has implied. he was simply buying as much as he could during a holiday weekend, to stuff his pockets, nothing more, the floating to the top 50 was a side effect that he probably didn’t think of…
he was greedy and got caught, nothing more.
others have been buying stolen iTunes passwords for years, and simply buying a few songs they want, and a few apps…. before the account owner discovers it. that is how it has always worked, (or buy in app credits)…. it isn’t a new world that has been discovered… it literally has been happening for over 3 years, (sorry to repeat myself)
Hey Zee, I got hit by World War twice in one day for around $250 in total–and have never downloaded any of their games. Luckily my CC company caught it. Apple was no help.
I emailed the iTunes customer support contact today. I asked how the accounts were being hacked. I stated that customers need to know this in order to determine the best way to protect themselves from being robbed. The answer I received contained a link to Apple’s press release site. The responder stated that he/she understood my concerns, but “I cannot comment about such matters on behalf of the iTunes Store. Apple makes its company news available to the public through numerous channels”
I’m not the public. I’m a customer trusting you with my credit card and personal information.
————-
I’m not the public. I’m a customer trusting you with my credit card and personal information.
——————
so are you going to call up Dell too? because that is where you stored the password to your iTunes account…. not once did you ever consider that your PC was hacked?
every single time, i mean every single one, these people always blame someone else…
yet, do you think that all these thousands of “my iTunes account got hacked” are from people that have perfectly secure computers? do you think they all had the best AV software on them? that not a single one of them lost their password to phishing?
by the way, the phishing epidemic is not an epidemic because no one falls for it….
the hacking epidemic of PC’s isn’t an epidemic because all PC’s are secure….
but no, you are the one where you were perfectly secure…. right…..
@honkj
“so are you going to call up Dell too? because that is where you stored the password to your iTunes account…. not once did you ever consider that your PC was hacked?”
Why do you immediately assume it was a Windows machine that was hacked? It could have been a mac, it could have just been a simple phishing site. Both are just as likely considering that Jody did not specify the details.
“yet, do you think that all these thousands of “my iTunes account got hacked” are from people that have perfectly secure computers? do you think they all had the best AV software on them? that not a single one of them lost their password to phishing?”
Yet you seem to think that every single one of them was on Windows? It could have been phishing, but if it was phishing that means it’s platform agnostic. All security is moot against a phishing attack if the User doesn’t recognize it.
How about you get a clue and know what you’re talking about. At the last pwn2own competition (and the one before last if i remember correctly) a MacBook was the first machine to be hacked. Virus’ have existed for mac in the past, such as that iPod worm that went around years ago. Or the more recent trojan that exploited a vulnerability that Apple patched.
No computer is perfectly secure, no matter what is being run on it. Get a clue.
Hold your horses there Apple apologist/fanboi. My account has not been hacked. I am an IT pro with twenty years experience. My stuff doesn’t get hacked. My computers don’t have malware on them. Ever. Stop making excuses for Apple and blaming users. We customers deserve an honest answer now. Not thirty days from now when the dust has settled and four or five hundred more people get robbed. You don’t even know whether the accounts were hacked through iTunes, an app, a compromised Mac or PC. You are making some sort of assumption that everyone who lost money to these thieves had a Microsoft computer full of malware. Cite your source, please. Apple certainly hasn’t said that. As a matter of fact, their silence is deafening. For the record, my computer is NOT a Dell. I haven’t purchased a system in twenty years. I build my systems.
@honkj, you my dear sir are a fool. The point is that besides everyone needing to be very careful with their passwords and desktop/laptop security, Apple does need to address this issue and be more security conscious.
@WTF?? great comment Likewise NotaSheep
This is exactly what happened to me! Someone hacked into my iTunes account and spent over $200 on strange games and apps. iTunes was no help at all. Thank goodness I have a supportive bank. I’m still waiting for this crap to be resolved. Thanks for the helpful info.
FYI, I’m with Mr. Life, I’ve never even downloaded any apps from iTunes. I only use it for the occassional MP3.
Wish they’d do this to my iPhone App and not find out about it :P
My account was hacked as well. Yesterday, the offending app was friendcaller, with 32 charges of $68 a pop, around $2000. Yeah, ouch. I was on the phone with paypal as it was happening, they were able to cut off the auto funding from their end, but I have not heard back from Itunes after leaving an email with them.
This is been happening for a long time now. Just search iTunes Fraud on any search engine and you will see it’s been happening for 5 years now. What’s Apple and iTunes doing anything about it? Nothing.
My account was compromised and hackers spent $2,000 to my iTunes account. The thing that boggles my mind is who in the right mind would buy $2,000 of music or apps in one day? Not hard to put a flag on these type of charges. The fact that Apple refuse to acknowledge that fraud is being committed through iTunes is appalling. Contacting their support all you will get is a canned reply:
“name, I see that you have changed the card on you account “abstrxxxxxxx” from Paypal to VISA on 10/xx/xxxx. The last charge on your account was with the VISA card on 03/xx/xxxx for renting “xxxxxxxxxx”.
So, I urge you to contact your card issuer as soon as possible to inquire about canceling the card or account and removing the unauthorized transactions. You should also ask them to launch an investigation into the security of your account. Under the circumstances the iTunes Store cannot reverse the charges for those purchases without chargeback orders from your card issuer. ”
The charges were not through my credit card, but rather PayPal so iTunes failed to protect my information and security online by allowing the transactions to go through PayPal. This is very concerning as iTunes knew my billing changed from PayPal to Visa back in October and still allow the charges to go through.
For this, I will boycott iTunes and any Apple related product as Apple has shown bad faith in protecting user information.
I was hit last night for over $1000 through my paypal funding. Apple hasn’t “stopped” any breaches. And the app names listed are good products, but the amounts charged for them are way out of line. Also, I have never purchased anything from iTunes since I set up the account in 2009.
i am big buy from
I too have been hit with fraudulent charges totaling nearly $2500 for “Street Cred” in “Original Gangstaz.” I’m disputing the charges with Paypal, my credit card and bank but haven’t been refunded yet.
My account was hacked as well. 2 charges of $48 each. Yeah, ouch. I was on the phone with paypal as it was happening back then.
THis is not just a PC issue I have a 24″ iMac and iTouch. I am a Mac fan also but dont push the blame where it isnt. My problem was when I downloaded an app of mahjong game app and you could download extra tiles sets. They are using keyloggers that are nabbing your password as you type it. This game also has in game ads so they also could be using web sites to do the same. If you have downloaded any apps that have added download content and in app ad avertising and got nabbed dump the app and I was lucky since I didnt have any banking or paypal info linked to my account but they got all my saved back itunes gift card balance.
You, Mac Vs. Pc people argue worse than Arabs and Jews.
Who is at fault? who is better? Who is stupid? Geez?
The issues at hand are not your clan vs. Their clan. The issue the state of internet security vulnerabilities inherent to the operating systems that made possible all these cool new devices that everyone loves so much, and couldn’t live without. I myself love Macs. True , there are way more viruses written for PC but apparently Macs are just as vulnerable but by other means.
These days, where ubiquitous wireless internet exposure, remote access and file sharing programs and the potentially malicious uses of open source code injection, there are now so many different ways to compromise any type of Internet device… and ever more computer savvy people with immoral or criminal intent to do so.
It’s not Mac or Pc. or the generally hapless poor user at fault. …any more than if you left the relative safety of your house and got hit by an olds mobile, It’s not your fault for risking the outside world, nor Chrysler’s fault for making an inherently dangerous product, nor the car’s fault for being inherently dangerous. It’s the provisional nature of social and technology trends. It’s a new world and all these issue will be addressed and changed.
but ultimately…….not for the better. So enjoy your mac or pc while ye may.
The usual idea is that you would use NFC to set up the link between the two devices and then do an automatic hand over to a different protocol for doing the actual transfer of data – eg Bluetooth,iphone 5