Apple Store / iTunes App Store Hacked? Here’s How

Monday, July 5, 2010
By OP Editor

Apple Store / iTunes Hacked? Yellow journalism uses misleading headline. Does not explain the truth: “a fool and his money are soon parted.”

Apple Store, iTunes App Store Hacked, How to

Apple Store / iTunes Hacked? Hall of Shame

What do these have in common:

“App Store, Hacked. (Updated: iTunes Accounts too.)” “Two iPhone App developers have spotted what appears to be a hacking of the App store rankings by a rogue developer… What’s more concerning is that it seems individuals iTunes accounts have been hacked to make mass purchases of that one developer’s apps.” – The Next Web, Zee M Kane, July 4

“iTunes Accounts Hacked [WARNING]“ “An unknown number of Apple IDs have apparently been hacked this week, and are being used to buy hundreds of dollars worth of apps in the App Store.” – Mashable CEO Pete Cashmore, July 4

These articles are written intentionally with misleading headlines to fool people into their misleading story.

The Real Story: Apple Store / iTunes Hacked?

So, why do some people think the iTunes App Store is hacked?

iTunes show popular apps in each category, and some investigative app developers found out that the lowly trafficked “Book category” is dominated by one developer. 40 out of 50 of the top apps in the Apple iTunes App Store, Book category is by Thuat Nguyen of “mycompany.”

It turned out some of the reviews are by unhappy customers who had their iTunes accounts compromised to buy the books. So the first thing the uninformed do is to assume that Apple Store / iTunes was hacked. There must be no other reason for Apps to rise to the top of the Apple App Store, isn’t there?

Coordinated Hack on Apple Store / iTunes?

So is the iTunes App Store hack a wide-spread, coordinated attack on a “vulnerable” system? No it’s not.

Macrumors reports that the Apps are from “one of the lowest trafficked categories in the App Store. Based on sales reports we’ve received from developers, the number of daily sales required to hold a book in the #10-#50 rank seems to range from 50-250 sales a day. That means that even if every sale was based on a compromised account, the actual number of accounts involved are minuscule compared to the 100 million active iTunes accounts.”

In reality, not only are the numbers of compromised iTunes accounts insignificantly small, similar things has happened before with virtually every major online store due to a small portion of its users. Those users don’t secure their account for various reasons, and it’s easy to “hack” those accounts on any system.

iTunes Account Hacked: 3 Common Reasons

In truth, the compromised accounts are unlikely to be due to Apple servers being hacked. It’s more likely to be one of these reasons caused by compromised passwords:

1. User falls for phishing scams. AKA, I’m Nigerian royalty and would like to send you money but you need to send me money first, or you need to confirm your account via this link that doesn’t match your store’s URL.

2. User uses insecure passwords. In a recently analysis, New York Time reports that “20 percent of people on the [site] RockYou list picked from the same, relatively small pool of 5,000 passwords.” Basically, one out of five Web users decides to “leave the digital equivalent of a key under the doormat.”

3. User is running Windows. The Microsoft platform is abundant of viruses, spyware, and trojans that can steal user information include online account password & personal identity. (Trojans depend on tricking users, and is platform independent).

Even Adobe, well known for Flash, could be responsible for user’s Apple Store accounts being hacked. Computerworld reports that by the count of security researchers ScanSafe of San Bruno, California, “malicious Adobe PDF Reader documents made up 80% of all exploits at the end of 2009.”

Apple computers running Mac OS X has with its own fast Apple app for reading PDF, so the Adobe Reader vulnerabilities mainly affect Windows users.

Find Out if Your Apple Store / iTunes Account is Hacked

The scam developer has been already removed by Apple. If you are user under one of the above three categories, than you should find out whether your Apple Store / iTunes account password is compromised.

Apple help you do that already. Apple emails your Apple Store / iTunes receipts regularly. Thus, many users learned of their compromised account due to Apple’s emails. You can also log into your account and check App purchase history.

How to fix it if your account has a weak password? Change your password to something that’s secure:

  • Do not use a dictionary word
  • Do not use the same password for all accounts
  • Use complex passwords that combine uppercase, lowercase, numbers, and punctuation

iTunes Hacked? Conclusion

FAIL: Pete Cashmore, Mashable CEO

Mashable CEO Pete Cashmore, misleading fear mongering yellow journalism fail

FAIL: Zee M Kane, The Next Web, Editor in Chief

Zee M Kane, misleading fear mongering yellow journalism fail

Why Mashable (partly sponsored by Microsoft) & The Next Web FAIL? Those publications did not mention what users can do to improve their security on all platforms.

Conclusion. Shame on the misleading fear mongering yellow journalism articles published by The Next Web and Mashable. Nothing is hacked, except for the small users who don’t know better, better judgement, and common sense.


Related Posts

  1. Valve: Steam Database Hacked, Watch Your Credit Card Records
  2. Microsoft Store India Hacked, Plaintext Passwords Leaked
  3. Apple Opens iTunes iPad App Store
  4. Over 1 Million Android User Data Compromised
  5. Apple Smartphone Lacks Security? iPhone Hacked / Cracked in 20 Seconds? The Whole Story

Tags: Analysis, Apple, Apple Store, Fail, iTunes, Security

One Response to “Apple Store / iTunes App Store Hacked? Here’s How”

  1. chris

    is this your version of “you’re holding it wrong”?


Site Search

iPad Air 2 Case

Popular Tags