Apple responds to iTunes fraud

iTunesMyCompanyBooks

The other day Neowin reported that iTunes accounts were compromised and one rogue developer managed to get 42 of the top 50 sales positions on iTunes. Apple has finally responded to the fraudulent activity on iTunes.

In a reply to Engadget, Apple confirms the reports of one rogue developer, Thaut Nguyen, who somehow managed to hijack accounts and download his books. Although it's not completely confirmed that Thaut Nguyen was officially behind the account hijacking, but reports around the Internet show unauthorized purchasing of his books on various accounts.

The developer Thuat Nguyen and his apps were removed from the App Store for violating the developer Program License Agreement, including fraudulent purchase patterns.
Developers do not receive any iTunes confidential customer data when an app is downloaded.
If your credit card or iTunes password is stolen and used on iTunes we recommend that you contact your financial institution and inquire about canceling the card and issuing a chargeback for any unauthorized transactions. We also recommend that you change your iTunes account password immediately. For more information on best practices for password security visit
http://www.apple.com/support/itunes.”

Some users are stating that there is upwards of $600 worth of purchases, all of which they did not make. The purchases made were mostly books from Thaut, and some random applications found throughout iTunes App Store. Some purchases were as small as $1 dollar, with some transactions exceeding $90+.

Make sure to double check your iTunes purchase history and report any fraudulent activity to Apple and your bank.

Image credit: Engadget.com

Report a problem with article
Previous Story

HDMI to be replaced with an ethernet cable?

Next Story

AT&T capping upload data speeds?

33 Comments

Commenting is disabled on this article.

If they were smart, the people attempting to profit from this would have used that guy as a diversion, whilst they make something tidy as the "random" other applications with some others thrown in for good measure.

I have 3 fradulent charges on my account, for application purchases - mind you i dont own a Mac, iPod, iPad, nor iPhone of any sorts. I do work with macs at work, and had actually started to think fairly highly of them, until this. now after consulting with apple, whom dosent admit anything and who's security measures they did enact on my account are virtually worthless i am taking information and going to the bank tommorw to file a fraud report and get my money back that way.

clue 1) all the victims have iphone/ipod touch/ipad, or you could say, they are Apple customer.
clue 2) all the victims purchased something on Itunes, giving away their credit card info in the process. tips :take note that you can be a iphone users and still does not use itunes for purchase products.
clue 3) it is not the first time that Apple's customers have some troubles with their accounts.

So, the clues point a clear conclusion: Apple is not responsible, not direct or indirectly.

:-/

Magallanes said,
clue 2) all the victims purchased something on Itunes, giving away their credit card info in the process.

Not necessarily the case. There are other ways to pay for iTunes purchases than with a credit card. You can use a PayPal account for purchases, or you can use prepaid iTunes cards that you add to your account.

roadwarrior said,

Not necessarily the case. There are other ways to pay for iTunes purchases than with a credit card. You can use a PayPal account for purchases, or you can use prepaid iTunes cards that you add to your account.

considering apple is asking for people to go through their financial institutes to get the refund back for the fraudulent activity, its a good thing to not use a prepaid iTunes card. any balance would have been lost completely. This brings me to the other questions: Why isnt apple refunding the money themselves? why go through the credit card companies? do they get to keep some percentage of it and let the CC companies take a fraud hit on their accounts?

Magallanes said,
clue 1) all the victims have iphone/ipod touch/ipad, or you could say, they are Apple customer.
clue 2) all the victims purchased something on Itunes, giving away their credit card info in the process. tips :take note that you can be a iphone users and still does not use itunes for purchase products.
clue 3) it is not the first time that Apple's customers have some troubles with their accounts.

So, the clues point a clear conclusion: Apple is not responsible, not direct or indirectly.

:-/

Actually iTunes is one one of these services that stores your credit card number for your convience without any ways of saying otherwise. Indeed, the security is so weak once you're in the system the safety prompts asking if you actually wish to purchase said items; and remembering login information can be disabled with one click.

You know, there are a million reasons to not like Apple, but this incident may have *NOTHING* to do with them.

This could have simply been stupid users giving out their personal information on phishing sites.

Unless some information comes out that this was any fault of iTunes or Apple, I will defend them on this. There hasn't been anything shown that iTunes or Apple was hacked. It just looked like some phished accounts were used to buy stuff. How is that Apple's fault?

People telling others to "stay away" from iTunes, or that Apple has no security have no clue how things work with stupid users.
Apple could have iTunes locked away in Fort Knox - it doesn't matter if you have hundreds/thousands of people that WILLINGLY give their password to some website or email claiming to be from Apple.

Xenomorph said,
You know, there are a million reasons to not like Apple, but this incident may have *NOTHING* to do with them.

This could have simply been stupid users giving out their personal information on phishing sites.

Unless some information comes out that this was any fault of iTunes or Apple, I will defend them on this. There hasn't been anything shown that iTunes or Apple was hacked. It just looked like some phished accounts were used to buy stuff. How is that Apple's fault?

People telling others to "stay away" from iTunes, or that Apple has no security have no clue how things work with stupid users.
Apple could have iTunes locked away in Fort Knox - it doesn't matter if you have hundreds/thousands of people that WILLINGLY give their password to some website or email claiming to be from Apple.

Amen to that. It's almost the same as watching people whining on WoW about how their accounts got hacked. It's all about phishing about 99% of the time, but those same users are pointing the fingers at WoW GMs so "they could sell their authenticators" while Blizzard is doing their best to repair the damage done. What I do not like in this situation is Apple not wanting to issue refunds on said fake purchases. I'm pretty sure it can easily be confirmed that someone logged on to iTunes/App Store from an IP in say Taiwan or wherever this person is located and then downloaded the ton of apps that he did download. Beyond that point, it is probably not incredibly hard to figure out which purchases were 'real' and which - not so a refund can be issued.

Xenomorph said,
You know, there are a million reasons to not like Apple, but this incident may have *NOTHING* to do with them.

This could have simply been stupid users giving out their personal information on phishing sites

If it were Microsoft, then it is. Therefore, regardless of companies, this incident is a good reason to dislike Apple.

thenonhacker said,

If it were Microsoft, then it is. Therefore, regardless of companies, this incident is a good reason to dislike Apple.

Eh? That argument doesn't really make sense. Do I dislike MicroSoft for the existence of phishing sites or heck, even the existence of viruses and other kinds of malware that infect Windows? No. Do I dislike Apple for the same? Errr, sorry, but it's not really Apple's fault. The problem comes from the fact that the system is pretty popular and thus is being targeted by attackers that want to make an easy buck or steal someone's identity.

James Riske said,
The best thing to do is to stay away from itunes, actually anything that says Apple or mac is best avoided altogether.
And what does that have to do with the article?

James Riske said,
The best thing to do is to stay away from itunes, actually anything that says Apple or mac is best avoided altogether.
Best to stay away from the internet all together!!

So they don't know anything. How it was done? Potentially leaving the loophole open for other people to do the same.

Singh400 said,
So they don't know anything. How it was done? Potentially leaving the loophole open for other people to do the same.
The "loophole" is the users not keeping their information secure..

There is the odd case of a security breach, but the Vast majority of these types of things are done with phishing scams, where users give up their information without making sure everything is legit.

DaveGreen said,
This company, as well as Google, is totally careless for its customers' security. Totally.

No amount of security made by any company can prevent "uneducated" users from falling into social engineering/phising attempts. Not saying it is the case here....just a fact.

DaveGreen said,
This company, as well as Google, is totally careless for its customers' security. Totally.

And you know that how? Did someone from Apple come out fair and square, saying that it's a hack of their systems that they were aware of since iTunes 1.0 and did nothing about?

DaveGreen said,
This company, as well as Google, is totally careless for its customers' security. Totally.

You fail miserably.