iTunes accounts plundered, Apple’s App store needs better control mechanisms
YouTube isn’t the only online service whose regular operation has been disrupted this weekend – the Apple App store has been targeted and even some iTunes accounts have been compromised by money-loving criminals.
It all started on Sunday, when The Next Web noticed that the list of the top 50 best selling application in the “Books” category contained 40 applications from the same application developer – one Thuat Nguyen.
Further investigation into the matter revealed that the list was very recently populated by those applications. Apparently, a number of people complained that their iTunes accounts had been hacked and used to buy diverse applications (including those developed by Nguyen). The price of these applications ranges from a couple to a hundred dollars.
Apple has obviously been notified. They reacted by removing all the apps of that particular developer while advising users to change their account passwords. Apple will likely interrupt what payments to the developer they still can stop.
But, this particular instance revealed a bigger problem – Nguyen isn’t the only developer who took advantage of hacked accounts to fill his own pockets and put his applications high on the “popular” lists in hopes of getting more attention and money from legal transactions. As it turns out, “app farms” abound in the Apple App store – one notable example is a farm of 4568 applications, all more or less worthless, developed by Brighthouse Labs.
Apparently, these application farms are held by developers based in Asia – they are probably counting on that fact to keep them form being sued or arrested. The links the developers provided to supposed support and their business pages direct users to non-existent websites.
I’m sure that Apple will have to think about putting some mechanisms in place to prevent things like this from happening – a tighter control over what developers put in the App store is definitely in order. As concerns the hacked accounts, it is yet unknown how that happened. It is possible that account credentials have simply been phished and Apple is blameless when it comes to that particular aspect of this case.
In the meantime, if you are an Apple App store user, you are advised to check their purchases and to get in touch with Apple if they find that your account has been used to buy applications you did not buy yourself. Also, change your iTunes account password and remove your credit card details from the account.