
http://www.macnn.com/articles/10/07/07/claims.itunes.servers.not.compromised/

Apple identifies 400 victims in App Store fraud case

updated 09:35 am EDT, Wed July 7, 2010

 

Claims iTunes servers not compromised


Only a small percentage of iTunes accounts were exposed in the recent fraud incident involving e-book apps submitted by Thuat Nguyen, Apple now claims. The company tells Fox's Clayton Morris that approximately 400 people were affected. It also insists that iTunes servers were not compromised, though it has not offered an alternative explanation for the data leak.

As a countermeasure, Apple says it will now require people to enter their credit card's CCV code more frequently for purchases. Those affected by Nguyen's actions were charged for the app downloads, often at a cost of $5 apiece. Apple suggests that if a person's iTunes account is hijacked, the best response is to change the password, and ask the credit card company to cancel the card and issue a chargeback.

Shortly before Nguyen's fraud was discovered, Apple is noted to have begun searching for a full-time "iTunes fraud prevention specialist." The person would be based in Austin, Texas, and among other things require "excellent analytical skills and extensive knowledge of best practices for WW order exception management." The timing of the posting may imply that Apple was increasingly concerned about fraud even prior to the Nguyen incident.




by MacNN Staff

TAGS :

 iPod, iPhone, security, iTunes, App Store, jobs, Apple, iPad

Comments

  1. hayesk

    Professional Poster

    Joined: Sep 1999

    +1

    Obvious

    Phase one: phishing scam.
    Phase two: publish fraudulent content on iTunes
    Phase three: have all of the phished accounts buy your content.

    The real question is how could the scammer think this would work? Apple doesn't wire you the money immediately after every sale. Surely the scammer thought about at least one or two of the original account owners complaining before he got paid.

  1. testudo

    Forum Regular

    Joined: Aug 2001

    +4

    Re: Obvious

    It isn't obvious that it was a phishing scam. Many people have reported on Macintouch that their iTunes accounts have been hacked.

    Apple suggests that if a person's iTunes account is hijacked, the best response is to change the password, and ask the credit card company to cancel the card and issue a chargeback.

    Shouldn't Apple inform the credit card company and issue a charge back? Why should all the people who've been hacked each have to find they were hacked, then call the credit card company?

  1. CarlRJ

    Fresh-Faced Recruit

    Joined: Mar 2010

    -2

    Oh please...

    The story makes like they're exposing Apple's failure (particularly "Only a small percentage of iTunes accounts were exposed ..." and "[Apple] also insists that iTunes servers were not compromised, though it has not offered an alternative explanation for the data leak").

    I don't think there's been any breach of Apple's servers here: 1) there are a *lot* of hacked PCs in the world; 2) passwords, account numbers, credit card numbers and such get harvested from those hacked PCs; 3) one presumes iTunes account names/passwords are amongst the harvested data, and mostly used to buy electronic media until the fraud is detected and shut off; 4) some fool developer bought a large block of these stolen iTunes accounts/passwords and used them to boost his scores, ignoring how obvious it would be.

  1. DiabloConQueso

    Fresh-Faced Recruit

    Joined: Jun 2008

    +4

    "Hijacked" is a much better and more accurate term

    It bugs me to no end when people claim, "Someone HACKED my email account!"

    No, they didn't "hack" it. They just happened to guess your piss-poor password choice. They didn't exploit a security hole, they didn't gain entry through a backdoor, and they didn't use any man-in-the-middle attacks.

    "Hijacked" is a much more accurate term. While brute-forcing a password is, indeed, a method of "hacking," it requires the least amount of brain cells to implement and is one of the least successful methods of hacking... provided people take password protection seriously and stop using brainless passwords like "davidg0475" -- Mr. David G., born April 1975... :/
