Apple confirms 400 iTunes accounts hackedBy Jose Vilches 14 comments
Apple has confirmed that around 400 iTunes users had their accounts compromised over the weekend in an elaborate scheme to manipulate the App Store rankings. The company said in an emailed statement that Thaut Nguyen and his apps have been "removed from the App Store for violating the developer Program License Agreement." The Vietnamese developer allegedly used other people's accounts to purchase his own apps, at one point occupying 42 of the top 50 book apps sold.
According to the folks at Cupertino, App Store servers were not compromised in any way, so it's likely that affected users were victims of phishing, guessed passwords and other sorts of social engineering techniques. The company said that less than 0.0003% of iTunes users were impacted and assured that Nguyen, like any other developer, didn't receive any confidential customer data when apps were downloaded. Nevertheless, Apple advised users who suspect that fraudulent purchases might have occurred with their accounts to contact their bank, cancel the credit card in question and change their iTunes password immediately.
In response to the incident Apple is reportedly tightening security on App Store purchases -- basically, you'll be prompted to enter your credit card's security CCV number a little more often. This is certainly not the first time that users have had their iTunes accounts compromised as a result of phishing scams, but it's one of the first reported cases were an app bought using other people's accounts has dominated the charts. The incident has put fraudulent activity on iTunes into the spotlight, with reports emerging about alleged "App Farms" being used to scam users out of their money.