toggle

AAPL Stock: 100.96 ( -0.83 )

Printed from http://www.macnn.com

Apple identifies 400 victims in App Store fraud case

updated 09:35 am EDT, Wed July 7, 2010

Claims iTunes servers not compromised

Only a small percentage of iTunes accounts were exposed in the recent fraud incident involving e-book apps submitted by Thuat Nguyen, Apple now claims. The company tells Fox's Clayton Morris that approximately 400 people were affected. It also insists that iTunes servers were not compromised, though it has not offered an alternative explanation for the data leak.

As a countermeasure, Apple says it will now require people to enter their credit card's CCV code more frequently for purchases. Those affected by Nguyen's actions were charged for the app downloads, often at a cost of $5 apiece. Apple suggests that if a person's iTunes account is hijacked, the best response is to change the password, and ask the credit card company to cancel the card and issue a chargeback.

Shortly before Nguyen's fraud was discovered, Apple is noted to have begun searching for a full-time "iTunes fraud prevention specialist." The person would be based in Austin, Texas, and among other things require "excellent analytical skills and extensive knowledge of best practices for WW order excpetion management." The timing of the posting may imply that Apple was increasingly concerned about fraud even prior to the Nguyen incident.






by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

  1. hayesk

    Joined: Dec 1969

    +1

    Obvious

    Phase one: phishing scam.
    Phase two: publish fraudulent content on iTunes
    Phase three: have all of the phished accounts buy your content.

    The real question is how could the scammer think this would work? Apple doesn't wire you the money immediately after every sale. Surely the scammer thought about at least one or two of the original account owners complaining before he got paid.

  1. testudo

    Joined: Dec 1969

    +4

    Re: Obvious

    It isn't obvious that it was a phishing scam. Many people have reported on Macintouch that their iTunes accounts have been hacked.

    Apple suggests that if a person's iTunes account is hijacked, the best response is to change the password, and ask the credit card company to cancel the card and issue a chargeback.

    Shouldn't Apple inform the credit card company and issue a charge back? Why should all the people who've been hacked each have to find they were hacked, then call the credit card company?

  1. CarlRJ

    Joined: Dec 1969

    -2

    Oh please...

    The story makes like they're exposing Apple's failure (particularly "Only a small percentage of iTunes accounts were exposed ..." and "[Apple] also insists that iTunes servers were not compromised, though it has not offered an alternative explanation for the data leak").

    I don't think there's been any breach of Apple's servers here: 1) there are a *lot* of hacked PCs in the world; 2) passwords, account numbers, credit card numbers and such get harvested from those hacked PCs; 3) one presumes iTunes account names/passwords are amongst the harvested data, and mostly used to buy electronic media until the fraud is detected and shut off; 4) some fool developer bought a large block of these stolen iTunes accounts/passwords and used them to boost his scores, ignoring how obvious it would be.

  1. DiabloConQueso

    Joined: Dec 1969

    +4

    "Hijacked" is a much better and more accurate term

    It bugs me to no end when people claim, "Someone HACKED my email account!"

    No, they didn't "hack" it. They just happened to guess your piss-poor password choice. They didn't exploit a security hole, they didn't gain entry through a backdoor, and they didn't use any man-in-the-middle attacks.

    "Hijacked" is a much more accurate term. While brute-forcing a password is, indeed, a method of "hacking," it requires the least amount of brain cells to implement and is of the least successful methods of hacking... provided people take password protection seriously and stop using brainless passwords like "davidg0475" -- Mr. David G., born April 1975... :/

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Autodesk Smoke 2015

Since May of this year, Autodesk has been shipping the highly anticipated update to its high-end post-production video editing suite, ...

Crucial MX100 256GB SATA-3 SSD

While the price-per-gigabyte ratio for magnetic platter-based hard drives can't be beat, the speed that a SSD brings to the table for ...

Narrative Clip

With the advent of social media technology, people have been searching for new ways to share the events of their daily lives -- be it ...

toggle

Most Commented