or Connect
AppleInsider › Forums › Mobile › iPod + iTunes + AppleTV › iTunes App Store hit by developer and account fraud
New Posts  All Forums:Forum Nav:

iTunes App Store hit by developer and account fraud

post #1 of 72
Thread Starter 
Apple's iTunes Store users are increasingly being targeted in a number of fraud cases, some of which appear to be orchestrated by iOS app developers seeking to boost their sales rankings, and others which appear to be a widespread hack of user accounts.

While the billions of songs and apps being sold in the iTunes Store to millions of account holders are certain to bring with it a certain amount of fraudulent purchase reports, a new wave of very suspicious app purchases appear to have boosted the sales of a single App Store developer to an overwhelming 40 spots of the top fifty apps in the books category.

The books in question are a low-quality series of mostly Japanese manga titles all published by "developer" Thuat Nguyen, whose publishing company is listed by Apple as "mycompany" with a website of "Home.com." It's impossibly unlikely that 80% of the American App Store's book sales were legitimately dominated by sales of shoddy anime book apps that are not localized, appear to violate intellectual property rights, and were all dumped into the App Store at once over a period of a couple days.

Even more worrying is that sales of the junk apps are being reported by multiple users in iTunes as fraud activity. User ratings on the titles frequently complain about having discovered the purchase as part of fraud activity on their accounts. A flurry of positive reviews say simple things like, "it's great" and "good, this story is very interesting," creating the appearance that they have been added by the same group behind the fraud sales.

The fraudulent book sales are not just overwhelming the App Store charts with junk; they're also pushing legitimate titles by real developers out of the view of shoppers, devaluing the iTunes Store in the minds of users, and eroding Apple's position that the App Store is a carefully curated marketplace that doesn't suffer from the junkware bloat and intellectual property fraud of Google's Android Market.




iTunes accounts being hacked

In addition to listings fraud aimed at promoting the sales of specific junkware developers, it also appears that Apple's iTunes accounts are widely being compromised by organized attacks based in China, where crackers obtain the account information of legitimate users and resell access to the accounts to buyers who pay a few dollars in exchange for information that allows them to make fraud purchases of several hundred dollars before the account's card is turned off.

Last month, a user posted a forum comment stating, "I am going to tell you the truth about what has been going on with your account." The anonymous user then explained, "lets say you are a Chinese guy or girl with an iPhone or iPad and you want to get some music, movie or app. How you do you do it? You go to http://www.taobao.com: The (by far) largest online market in the world and type iTunes in the search bar. Immediately you will be presented with a list of more than 7,000 items.

"You want to save money, so you filter the list to show only items under RMB25.00- (US $3.60) and still you have more than 3,600 offers. So you pick some one at random like, as an example, this one: http://item.taobao.com/item.htm?id=5516054242. You open the online chat and you transfer him RMB22.00 (US $3.20). He ask you in the online chat to provide a new iTunes account name and password, and you comply: User: qiuwge3foe3333@yahoo.com Password: qwer34567

"He asks you to wait 10 minutes online. He has already a number of user accounts under surveillance, so he enters in the iTunes account of his victim, change his/her username and password to the one you provided, and come back to ask you try it and approve the transaction so Taobao.com releases his money. Even if you cant read Chinese you can see very clearly in his item description that this account will not last more than 24 hours (the time for his victim to see the charges mounting and then cancel the credit card).

"He claims that he selects 'his' accounts so you can drain at least US $250.00 from them before they get cancelled. He urges you to be fast and buy and download as fast as you can. Start immediately! Keep the download going on for the full 24 hours! There is no warranties on how long it will last! Because he already changed the username and password, the victim cant stop you.

"There are cheaper ways, of course! You can join a 'frenzy feeding,' where the same hijacked account is sold to several customers. It is much slower and, because it was 'opened' maybe hours ago, it will be much shorter lived. It can be had for RMB1.00 to RMB5.00 (US $0.14 to US $0.74). The most important thing, however, is to BUY fast not to download fast. You can download at leisure during the next weeks. iTunes will not stop you: It will only remind you that your (victims) credit card is not working and invite you to update your payment details.

"Then, if you want more applications later on, you just enter in Taobao.com and get again a new account in a few minutes. This is the sad reality. There are a lot of of things Apple could do to stop this, like canceling the hijacked accounts and de-authorizing its computers, making the whole process useless. But for what? This is not a problem for Apple: It is a problem for the credit card industry. The account is right, the payment is right, end of the story. If you claim that someone used your credit card to buy things it is a problem between you and your bank, not between you and Apple!

"Please note that when you are buying like crazy with 'your' new account Apple doesnt bill directly to the credit card every time you add an item: It bills in batches of around (below) US $50. This is another detail that shows how cunning they are! You buy, buy, and buy. And every time your reach 40-something dollars Apple invoices the card. If it pass, you can keep buying. If not, it stops you from buying more.

"This achieves two things: One, it limits the damage to Apple as they only can get hooked for, at most, US $50. Two, makes the whole system safer for them, as purchases under US $50 are not protected in the States law. And it is funny that if that last transaction doesnt go through, then is when the rage of Apple comes over you for any item you may have already download before the invoicing point was reached.

"Apple will put a flag on your account and will not allow you to download updates for any of the apps on 'your' account (whatever order they came from) or download the pending episodes of 'your' season passes). In this case, you have no option but to go to Taobao.com and use another procedure.

"There are people (the same people) who saves you time by doing in advance the whole process of providing the user, etc. Theyve already 'opened' an account and used it to purchase one or two US $50.00 gift certificates. You get one (US $1.40) and use it to cover the debt with Apple so they can let you enjoy peacefully the items you 'own.'"

Apple monitoring fraud

Out of the billions of transactions handled by iTunes, it's not surprising that there is considerable fraudulent activity occuring. However, the apparently unchecked fraud being orchestrated on such a wide scale, combined with Apple's very slow response in handling extremely suspicious sales that dramatically distort sales rank as noted in the initial example, shed a very questionable light on Apple's assertion that iTunes is a carefully curated marketplace.

It also calls into question why the company works so hard to carefully review developer titles in some areas while at the same time allowing large amounts of very low quality junkware to be listed by obviously illegitimate "companies" with fake contact information.

(Update: A report by App Store developer Alex Brie on the situation indicates App Store developers have been contacted by Apple's Worldwide Product Marketing senior vice president Phil Schiller, and an investigation is now underway.)
post #2 of 72
Quote:
Originally Posted by AppleInsider View Post

... The books in question are a low-quality series of mostly Japanese manga titles all published by "developer" Thuat Nguyen, ...

I wish Apple would just stop the entire practice of selling "apps" the are actually books. There already exist multiple online bookstores for those that have the legal rights to publish a book and the "books" apps just junk up the store.

I'm an artist, and could easily steal some old out of copyright work and jazz up a few illustrations and a cover for it and sell it on the app store. I don't do that though, because it's wrong, (legal though it might be). These kind of apps add nothing and are a blight on the app store for the most part.
post #3 of 72
This is definitely an alarming issue that needs more widespread attention. I don't usually expect AppleInsider to be so critical on Apple, but it's good that this report is thorough and concerned about Apple's slow response.

In terms of people who've used fake or stolen accounts to purchase apps, can Apple's app kill switch be used to deactivate those applications on those user's next iTunes sync? Or is the app kill switch a more blunt instrument that can only to be used to kill an app for all users across the whole App Store rather than just those users who have participated in fraud? Although, Apple needs to be very careful in using this of course, since the media attention on false positives would be even worse than the fraudulent activity going on right now.
post #4 of 72
Quote:
Originally Posted by Prof. Peabody View Post

I wish Apple would just stop the entire practice of selling "apps" the are actually books. There already exist multiple online bookstores for those that have the legal rights to publish a book and the "books" apps just junk up the store.

I'm an artist, and could easily steal some old out of copyright work and jazz up a few illustrations and a cover for it and sell it on the app store. I don't do that though, because it's wrong, (legal though it might be). These kind of apps add nothing and are a blight on the app store for the most part.

I agree for the most part, however, I would caution that some book apps are really good, I dont have nor want kids, but I have seen some apps in use that do things that Kindle, ibooks and the like do not, things like animated illustrations, or read along features where kids who are just learning to read can have each word highlighted as it is played via a recording of a friendly sounding professional reader, not a robo voice like the Kindle offers for some books.

What needs to happen is there needs to be media apis available to i Books, have three book cases, traditional books, PDFs, and interactive material. This would be great for digital textbook supplemental materials as well. With DVD Studio Pro and Motion laying around, Apple has all the tools to build an awesome content creation experience for interactive books, just mix and match the best of those video features with what Apple has learned from Pages and Keynote and make an application for Mac that does content design for iBooks, and allow other third party reputable resellers like amazon, or barns and noble to do book apps...problem solved.
You can't quantify how much I don't care -- Bob Kevoian of the Bob and Tom Show.
Reply
You can't quantify how much I don't care -- Bob Kevoian of the Bob and Tom Show.
Reply
post #5 of 72
Hope Apple files charges against this idiot developer.


Also i don't think he will ever be in ANY app store. his credibility and reputation is now in the shitter.
post #6 of 72
It seems as though Apple has removed the books in question and now the top books are where there were before.
post #7 of 72
The reports are way overblown.
post #8 of 72
"It Just Works"...
"Why iPhone"... Hmmm?
Reply
"Why iPhone"... Hmmm?
Reply
post #9 of 72
I guess the great firewall only works one way. Looks like Chinese government is good at keeping people away from "porn" but not very good at keeping people away from stealing money from people in other countries.

Anyway, those "buyers" could have just as easily jail broken their devices and stolen apps without having to rip paying itunes account holders off. Will be interesting to see what apple does about this.
--SHEFFmachine out
Da Bears!
Reply
--SHEFFmachine out
Da Bears!
Reply
post #10 of 72
Quote:
Originally Posted by davesw View Post

Hope Apple files charges against this idiot developer.


Also i don't think he will ever be in ANY app store. his credibility and reputation is now in the shitter.

Lol, the guy in question must not even exists... Must be a group of counterfeiters and freelance hackers helping them to sell illegal copyrighted works... As always the shop company -whatever it is Ebay selling "genuine" Chanel bags or there Apple- taking their percentage on the fraud.
post #11 of 72
Quote:
Originally Posted by AppleInsider View Post

... devaluing the iTunes Store in the minds of users, and eroding Apple's position that the App Store is a carefully curated marketplace that doesn't suffer from the junkware bloat and intellectual property fraud of Google's Android Market.


Ummm, I already think that the App Store is full of junkware. Maybe they could introduce finer subdivisions? Like:

Entertainment:

Farting apps

List apps

Lists of jokes

Lists of stupid things to say

Lists of chat-up lines

Utilities:

Tip calculators

Apps to multiply a number by 0.1

Apps to multiply a number by 0.15

post #12 of 72
Let's not forget -

'Apps to generate revenue, but have no real purpose beyond a 60 second novelty'
post #13 of 72
Quote:
Originally Posted by Sensi View Post

Lol, the guy in question must not even exists... Must be a group of counterfeiters and freelance hackers helping them to sell illegal copyrighted works... As always the shop company -whatever it is Ebay selling "genuine" Chanel bags or there Apple- taking their percentage on the fraud.

Selling paid apps in the app store is not as easy as you think. Developers are required to supply real bank account numbers. Apple take the time to verify the information, sometimes weeks, before a developer can sell paid apps in the app store.

Beside the money from apps will take 30 days from the close of the billing period to be released to the developer. For example, money from this month sales will reach developers on or after August 1st. This gives Apple advantage in case something like this happens.
post #14 of 72
Quote:
Originally Posted by colinh View Post

Ummm, I already think that the App Store is full of junkware. Maybe they could introduce finer subdivisions? Like:

Entertainment:

Farting apps

List apps

Lists of jokes

Lists of stupid things to say

Lists of chat-up lines

Utilities:

Tip calculators

Apps to multiply a number by 0.1

Apps to multiply a number by 0.15


When Apple first rejected fart apps all hell broke and Apple was called control freak.
post #15 of 72
all i can say i was a victim of fraud through apple iTunes. someone stole my acct info and downloaded nearly $500 worth of apps/music. i contacted apple and surprisingly they NO CUSTOMER SERVICE for itunes related fraud activities. i spoke to some guy who was handling laptop issues. he was very polite and helpful but unfortunately i was told apple does not credit or give your money back due to fraudulent activities. I'm like WTF?!?!?! my bank did their own investigation and credited my account. no thanks to apple.

unless apple does something to make iTunes more secure i am not buying another single thing off that app.

i highly recommend anyone who has their CC info stored on that app to delete it or use gift certificates. iTunes is NOT a secure downloading app by any means.
post #16 of 72
and thank you for writing this article. this is a serious issue since i was a victim and apple honestly did ABSOLUTELY NOTHING about my problem except turn off my account. i also filed a complaint with the consumer protection org. FTC.

this is a huge security issue which they won't admit or anyone has really made public. great article.
post #17 of 72
Quote:
Originally Posted by hdang221 View Post

all i can say i was a victim of fraud through apple iTunes. someone stole my acct info and downloaded nearly $500 worth of apps/music. i contacted apple and surprisingly they NO CUSTOMER SERVICE for itunes related fraud activities. i spoke to some guy who was handling laptop issues. he was very polite and helpful but unfortunately i was told apple does not credit or give your money back due to fraudulent activities. I'm like WTF?!?!?! my bank did their own investigation and credited my account. no thanks to apple.

unless apple does something to make iTunes more secure i am not buying another single thing off that app.

i highly recommend anyone who has their CC info stored on that app to delete it or use gift certificates. iTunes is NOT a secure downloading app by any means.

No one will because it is your bank job to do so. I left my Visa debit card at a restuerant once and came back the next morning and picked it up. Few months later my card was used to buy software online for more than $300. I called the bank and they put the money back into my account and issued me new card. I didn't even bother calling the software seller.
post #18 of 72
Quote:
Originally Posted by hdang221 View Post

he was very polite and helpful but unfortunately i was told apple does not credit or give your money back due to fraudulent activities.

Sure they do (give your money back), but the type of activity can limit what they can do. Their Support area is through your iTunes account. You can check your history and report a problem. I've used it several times over the years with great success.

Once I was gifting a TV Show and it kept timing out on the purchase. I kept trying until it went through. My card was later charge for multiple attempts even though the recipient only received once email for the gift. Apple refunded all my money, not just all but one sale, they also credited my account with several free TV shows (these could not be used with other types of iTS media, not eve HD TV Shows). That was better than I expected.

The great thing about CCs today is there is an inherent protection. Personally, I do all internet purchases from a low value CC just in case it does get stolen. I know I'll get it back but I also won't be inconvenienced by it. I simply pay it off the day I buy something, but that does mean my CC company has my bank info, so it's not a full proof plan, because they could get hacked.
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
post #19 of 72
with both the victims and Apple. As an e-commerce vendor, it's like a Rock and Hard place. The whole e-commerce security should evolve to provide security to users. There have been so many proposals such as single use credit card numbers (a.k.a online gift cards issued by Visa etc.,) but somehow the banks have not taken much initiative there.

Problems like this are not limited to Apple. Apple can do it better, so can Amazon, eBay and other major e-businesses. eBay users (including me) go through so many such fraudulent activities that it feels like a quagmire to buy and sell stuff there.
post #20 of 72
i really don't know how u got your money back.. when i was told the charges cannot be reversed..

here's the response i got back from apple. and it clearly does not state any compensation, crediting, etc.. so its up to you and your bank in the end. my point is iTunes has serious security issues if someone is hacking your acct and actually getting your CC etc..



Hello Huy,

Curtis here, from the iTunes Store. I understand you are concerned about purchases that were made with your iTunes Store account without your permission or knowledge. I can certainly understand how eager you must be to have this looked into and I would be happy to do all I can to help.

Huy, to prevent further purchasing, I have disabled your account and banned the credit card on file from making purchases on the iTunes Store. Please note that your iTunes account can be enabled in the future by providing specific information to iTunes Store support.

I urge you to contact your credit, debit, or payment card issuer as soon as possible to inquire about canceling the card or account and removing the unauthorized transactions. You should also ask them to launch an investigation into the security of your account. The iTunes Store cannot reverse the charges.

In the meantime, I strongly recommend you change your account password immediately. Changing the password will help to prevent anyone else from using your iTunes Store account to place orders without your knowledge. To increase the security of your account, choose a password that has at least eight digits and includes both letters and numbers. You can change your password using this website:

http://iforgot.apple.com

If you wish, you can also delete your payment information from the iTunes Store as follows:

1) Make sure you're using the latest version of iTunes. It can be downloaded free of charge from the iTunes website:

http://www.itunes.com/download

Note: Installing the latest version of iTunes will not affect your library or any items in your account that you haven't downloaded.

2) To open iTunes and go to your Apple Account Information page, click this link:

http://phobos.apple.com/accountSummary

3) Enter your iTunes Store account name and password, then click Account Info.

4) On the Apple Account Information page, click the Edit Payment Information button.

5) Select None from the list of credit card types. This will delete your billing information.

6) Be sure to click the Done button at the bottom of the page to save your changes.

If you suspect you are the victim of identity theft, consider following these recommendations:

- Contact the fraud departments of any consumer reporting company to place a fraud alert on your credit report.

- Close the accounts that you believe have been used without your knowledge.

- File a complaint with the Federal Trade Commission (FTC). For more information, please visit:

http://www.ftc.gov/idtheft

I sincerely hope that you are able to resolve this matter with the help of your credit card company, as soon as possible, Huy. If your financial institution advises you that there's something more we can do from the iTunes Store Support side of things, I'll be happy to assist you further. Thank you for your patience and understanding.

Best Wishes

Curtis
iTunes Store Customer Support
My Hours are: Monday-Tuesday. OFF Wednesday 8:00AM-4:30PM, Thursday-Saturday 8:00AM-4:30PM
post #21 of 72
Quote:
Originally Posted by hdang221 View Post

i really don't know how u got your money back.. when i was told the charges cannot be reversed..

here's the response i got back from apple. and it clearly does not state any compensation, crediting, etc.. so its up to you and your bank in the end. my point is iTunes has serious security issues if someone is hacking your acct and actually getting your CC etc..

Of course they can credit your card back. If they can take money from your card they negate those charges too. It's part of the system.

It sounds like your credit card data itself was highjacked, not just your iTunes Store account. That means it's not Apple's responsibility, it's for your CC company to delete and to remove all funds. Whether that is what happened or not, it does seem like that is what Curtis thought. Note, my anecdote was about Apple refunding my charges, not needing to cancel a CC.
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
post #22 of 72
...accounts are widely being compromised by organized attacks based in China, where crackers obtain the account information of legitimate users...



Now how does he know these people are white?
post #23 of 72
Quote:
Originally Posted by hdang221 View Post

all i can say i was a victim of fraud through apple iTunes. someone stole my acct info and downloaded nearly $500 worth of apps/music. i contacted apple and surprisingly they NO CUSTOMER SERVICE for itunes related fraud activities. i spoke to some guy who was handling laptop issues. he was very polite and helpful but unfortunately i was told apple does not credit or give your money back due to fraudulent activities. I'm like WTF?!?!?! my bank did their own investigation and credited my account. no thanks to apple.

unless apple does something to make iTunes more secure i am not buying another single thing off that app.

i highly recommend anyone who has their CC info stored on that app to delete it or use gift certificates. iTunes is NOT a secure downloading app by any means.

Quote:
Originally Posted by hdang221 View Post

and thank you for writing this article. this is a serious issue since i was a victim and apple honestly did ABSOLUTELY NOTHING about my problem except turn off my account. i also filed a complaint with the consumer protection org. FTC.

this is a huge security issue which they won't admit or anyone has really made public. great article.

second that. I had the same problem. Somebody should write to Steve Jobs about this to take this seriously. This is such non-sense that I have to go through that there wasn't even a phone number to call. I ultimately figured a phone number and way to contact the customer department, and then through him to manager who generated a case id and promised it will be taken care of.

Quote:
Originally Posted by NasserAE View Post

No one will because it is your bank job to do so. I left my Visa debit card at a restuerant once and came back the next morning and picked it up. Few months later my card was used to buy software online for more than $300. I called the bank and they put the money back into my account and issued me new card. I didn't even bother calling the software seller.

This is ultimately what I did too. Called CC to change credit card; start a dispute charge case and let them take care of it. meanwhile, as someone suggested here use those 1 time credit card use number that you can generate with many of visa and master cards. Set it to something like $39 (since this >$40 is what apple looks for; and exactly this what happened to me - multiple 40-ish charges) and an expiry date.

My cc company ultimately refunded it and is taking care of contacting Apple to get their share of money, if they even can from the greedy (n rotten) Apple.
Zune zucks...Flop show...then it may be too zoon to say that
I don't know how to zunecast!
Reply
Zune zucks...Flop show...then it may be too zoon to say that
I don't know how to zunecast!
Reply
post #24 of 72
Quote:
Originally Posted by dadsgravy View Post

...accounts are widely being compromised by organized attacks based in China, where crackers obtain the account information of legitimate users...

Now how does he know these people are white?

Assuming your comment was a real question posing as a joke...
Quote:
Originally Posted by Wikipedia

A black hat hacker, sometimes called "cracker", is someone who breaks computer security without authorization or uses technology (usually a computer, phone system or network) for vandalism, credit card fraud, identity theft, piracy, or other types of illegal activity
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
post #25 of 72
Quote:
Originally Posted by solipsism View Post

Of course they can credit your card back. If they can take money from your card they negate those charges too. It's part of the system.

It sounds like your credit card data itself was highjacked, not just your iTunes Store account. That means it's not Apple's responsibility, it's for your CC company to delete and to remove all funds. Whether that is what happened or not, it does seem like that is what Curtis thought. Note, my anecdote was about Apple refunding my charges, not needing to cancel a CC.

my CC was hijacked from my iTunes acct..... so it's still apple's responsibility. they're the one storing my info and allowing someone have access to and illegally using it. its no different then walking into a store and the cashier stealing your CC info and making illegal charges. the store is still responsible.. in this case Apple. they're providing a service so protect the consumers.
post #26 of 72
Quote:
Originally Posted by hdang221 View Post

my CC was hijacked from my iTunes acct..... so it's still apple's responsibility. they're the one storing my info and allowing someone have access to and illegally using it. its no different then walking into a store and the cashier stealing your CC info and making illegal charges. the store is still responsible.. in this case Apple. they're providing a service so protect the consumers.

But the card still needs to get canceled. Your creditor may have charged Apple since the breach came from their end, but I have a feeling both are well insured and protected in these matters, just as you are.

Either way, since it looks your CC data was itself compromised, not just some kid gifting himself some apps, you have to have the card canceled. Do you really want a 3rd-party company to be able to call up your creditor, close your card canceled and have a new one shipped to you in 5-7 business days? I sure don't. That is fraught with potential issues.
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
post #27 of 72
Quote:
Originally Posted by solipsism View Post

But the card still needs to get canceled. Your creditor may have charged Apple since the breach came from their end, but I have a feeling both are well insured and protected in these matters, just as you are.

Either way, since it looks your CC data was itself compromised, not just some kid gifting himself some apps, you have to have the card canceled. Do you really want a 3rd-party company to be able to call up your creditor, close your card canceled and have a new one shipped to you in 5-7 business days? I sure don't. That is fraught with potential issues.

agreed. but i think you're missing my point. which is...iTunes is wrought w security issues. it's not about canceling my CC or who is suppose to credit me. when u open an iTunes acct you're required to give a CC number which of course u can remove but is it really that easy to hack into an itunes acct and steal that person's CC info? apple needs to address this..that's all.
post #28 of 72
Quote:
Originally Posted by hdang221 View Post

agreed. but i think you're missing my point. which is...iTunes is wrought w security issues. it's not about canceling my CC or who is suppose to credit me. when u open an iTunes acct you're required to give a CC number which of course u can remove but is it really that easy to hack into an itunes acct and steal that person's CC info? apple needs to address this..that's all.

That is a separate issue than originally presented which I think Curtis was clearly correct. I agree that it's inconvenient, but security is always inconvenient.

I agree that they should take better steps to protect your data, but I personally don't know what they are or how well they protect it. I think they have over 300M CC numbers on file so I can see why that would be a huge target to thieves. Even if they have the best system on the planet (which I doubt they do), that doesn't mean they can't improve upon it or that there are still going to be holes and the occasional hacks.

Besides having a CC card specifically for internet purchases I also use 1Password with unique passwords at 32 characters, if the system will allow it. Oddly, and perhaps ironically, my bank and CC companies have really low character and type of character limits on passwords. Those are precautions on my end, and surely won't help if the hack is on the backend of the system, but at least I know nothing else in my life will be compromised if it happens. I even a PO Box specifically so my home address isn't used. Maybe I'm taking it too far.
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
post #29 of 72
The credit-card fraud scheme described in the article sounds real enough, but the claim that developers somehow have scammed Apple into listing this manga at the top is not backed up at all in the article. If a bunch of Chinese teenagers go on a 'feeding frenzy' in the store, it is no wonder that manga, good or not, ends up in the top 50. Especially if the category is a slow one to begin with, and the teenagers are in a hurry to rake in as many goodies as they can before they are found out. No further explanation is necessary.

It is entirely possible that this particular manga violates intellectual property rights, and this manga may even be squarely aimed at these fraudulent teenagers, but that still doesn't prove that the Apple store is somehow hacked by the developers. Also, I note that the individual episodes of this manga have their own icon, which elevates these entries above the bottom-feeding shovelware in the app store that only has a generic icon. This suggests they were intended as legitimate (although perhaps not legal) apps.
post #30 of 72
Quote:
Originally Posted by hdang221 View Post

here's the response i got back from apple. and it clearly does not state any compensation, crediting, etc.. so its up to you and your bank in the end. my point is iTunes has serious security issues if someone is hacking your acct and actually getting your CC etc..

It's the normal thing, when your credit card is hijacked, to sort it out with the credit card company not the retailer, this is not an Apple policy but an industry wide one.

Normally you ring your CC company and tell them you did not buy item X on your statement and you refuse to pay for it, then they sort it out with the retailer. It's one of the services they provide, dealing with the retailer for you.
post #31 of 72
Quote:
Originally Posted by Prof. Peabody View Post

I wish Apple would just stop the entire practice of selling "apps" the are actually books. There already exist multiple online bookstores for those that have the legal rights to publish a book and the "books" apps just junk up the store.

I agree, it's confusing for the users having books in iBooks and also books as apps. Unless there is a significant amount of interactivity or animation they should refuse submissions.
post #32 of 72
It sounds like a pretty dodgy credit card company if they are this forthcoming with their inner workings.

Either that or you are a full of shit, bandwagon jumper.

Quote:
Originally Posted by iPoodOverZune View Post

My cc company ultimately refunded it and is taking care of contacting Apple to get their share of money, if they even can from the greedy (n rotten) Apple.
A problem occurred with this webpage so it was reloaded.A problem occurred with this webpage so it was reloaded.A problem occurred with this webpage so it was reloaded.A problem occurred with this...
Reply
A problem occurred with this webpage so it was reloaded.A problem occurred with this webpage so it was reloaded.A problem occurred with this webpage so it was reloaded.A problem occurred with this...
Reply
post #33 of 72
The breach could also come from compromised PC's with keyloggers that pass iTune account info on from infected computers that are part of a botnet.

It would be interesting to see how many affected users are using OSX vs Windows versions of iTunes.

Quote:
Originally Posted by solipsism View Post

But the card still needs to get canceled. Your creditor may have charged Apple since the breach came from their end, but I have a feeling both are well insured and protected in these matters, just as you are.

Either way, since it looks your CC data was itself compromised, not just some kid gifting himself some apps, you have to have the card canceled. Do you really want a 3rd-party company to be able to call up your creditor, close your card canceled and have a new one shipped to you in 5-7 business days? I sure don't. That is fraught with potential issues.
A problem occurred with this webpage so it was reloaded.A problem occurred with this webpage so it was reloaded.A problem occurred with this webpage so it was reloaded.A problem occurred with this...
Reply
A problem occurred with this webpage so it was reloaded.A problem occurred with this webpage so it was reloaded.A problem occurred with this webpage so it was reloaded.A problem occurred with this...
Reply
post #34 of 72
http://forums.macrumors.com/showthread.php?t=960064



Reports of 'App Store Hacked' Greatly Exaggerated

Earlier today a report on TheNextWeb claimed that the App Store had been hacked and that a rogue developer had gamed the system by artificially driving sales to their eBooks. The rise in ranks were noted by competing developers who thought the rise strange given that the books all represented poorly coded Vietnamese-based books.

A couple of reviews left on one of the books revealed that at least two customers had their iTunes accounts compromised to purchase the books. This led to theories that a widespread attack specifically tied to this developer could be the cause of the rise in ranks. Which then led to a cascade of headlines suggesting that everyone's iTunes account was suddenly vulnerable to a coordinated attack. While we do believe that this developer had been trying to game the iTunes ranking system, it's hard to believe that their efforts affected more than a few hundred accounts worldwide.

The Book category in which we found these apps (note, they've been pulled from the App Store) is one of the lowest trafficked categories in the App Store. Based on sales reports we've received from developers, the number of daily sales required to hold a book in the #10-#50 rank seems to range from 50-250 sales a day. That means that even if every sale was based on a compromised account, the actual number of accounts involved are minuscule compared to the 100 million active iTunes accounts.

Now, on a separate note, the issue of hacked or compromised iTunes accounts is a major issue, and one not to be dismissed. However, this issue has been ongoing for years and we're not convinced there has been a major spike in activity. iTunes accounts are easy targets since they are so common. In our forums we have had a running thread on the topic since January 2008. A few reports appear every few months. There do seem to be a higher number of reports arising the past day or two of other iTunes accounts being hacked. It's certainly possible there has been an acute rise in the past few days, but the added press coverage will certainly attract more stories. Meanwhile, a blog post from 2009 similarly attracted a number of "me too" reports.

It's still a good idea to make sure your accounts are safe, and especially important to make sure you have good (and different) passwords on all your sensitive accounts. Common mistakes include easy to guess passwords and shared passwords across multiple accounts.
post #35 of 72
Quote:
Originally Posted by Quadra 610 View Post

While we do believe that this developer had been trying to game the iTunes ranking system, it's hard to believe that their efforts affected more than a few hundred accounts worldwide.
...
Now, on a separate note, the issue of hacked or compromised iTunes accounts is a major issue, and one not to be dismissed.

Comforting?

Consider also:

Quote:
This article began with details of one specific app developer hacking iTunes users accounts and purchasing their own apps using those accounts – making it to the top of the iTunes charts. As the story has developed it appears to be far more widespread than just that one particular developer and his apps…the Apple App store is filled with App Farms being used to steal.

http://thenextweb.com/apple/2010/07/...-store-hacked/

Quote:
As the story of of iTunes accounts being hacked continues to develop, we’ve come across a number of what we would call “App Farms” in iTunes being used to scam users out of their money.

Despite a claim that we’re exaggerating the gravity of the entire situation, let’s show you a few examples of these app farms and you can judge for yourself. ...

http://thenextweb.com/apple/2010/07/...al-your-money/
post #36 of 72
Quote:
Originally Posted by NasserAE View Post

Selling paid apps in the app store is not as easy as you think. Developers are required to supply real bank account numbers. Apple take the time to verify the information, sometimes weeks, before a developer can sell paid apps in the app store.

Beside the money from apps will take 30 days from the close of the billing period to be released to the developer. For example, money from this month sales will reach developers on or after August 1st. This gives Apple advantage in case something like this happens.

Actually I have no clue how it works, thus thank you for your explanation.
post #37 of 72
Quote:
Originally Posted by DaHarder View Post

"It Just Works"...

I take it that's a dig at Apple? iTunes always just worked for me.

Quote:
Originally Posted by hdang221 View Post

all i can say i was a victim of fraud through apple iTunes. someone stole my acct info and downloaded nearly $500 worth of apps/music. i contacted apple and surprisingly they NO CUSTOMER SERVICE for itunes related fraud activities. i spoke to some guy who was handling laptop issues. he was very polite and helpful but unfortunately i was told apple does not credit or give your money back due to fraudulent activities. I'm like WTF?!?!?! my bank did their own investigation and credited my account. no thanks to apple.

unless apple does something to make iTunes more secure i am not buying another single thing off that app.

i highly recommend anyone who has their CC info stored on that app to delete it or use gift certificates. iTunes is NOT a secure downloading app by any means.

Sorry for what happened, but it is clearly a secure downloading app. "Secure" does not mean fraud never happens. iTunes processes millions of transactions. They process something like 1,000,000 music tracks and 50,000 movies per DAY. It's actually incredibly secure. Your credit card info itself was not in jeopardy through iTunes. It's the account that got hacked or someone guessed/obtained your password. That's all.

Quote:
Originally Posted by hdang221 View Post

and thank you for writing this article. this is a serious issue since i was a victim and apple honestly did ABSOLUTELY NOTHING about my problem except turn off my account. i also filed a complaint with the consumer protection org. FTC.

this is a huge security issue which they won't admit or anyone has really made public. great article.

and then....

Quote:
Originally Posted by NasserAE View Post

No one will because it is your bank job to do so. I left my Visa debit card at a restuerant once and came back the next morning and picked it up. Few months later my card was used to buy software online for more than $300. I called the bank and they put the money back into my account and issued me new card. I didn't even bother calling the software seller.

Nasser...EXACTLY. This is not Apple's problem. They turned off his account. That's what they should have done.


Quote:
Originally Posted by solipsism View Post

Sure they do (give your money back), but the type of activity can limit what they can do. Their Support area is through your iTunes account. You can check your history and report a problem. I've used it several times over the years with great success.

Once I was gifting a TV Show and it kept timing out on the purchase. I kept trying until it went through. My card was later charge for multiple attempts even though the recipient only received once email for the gift. Apple refunded all my money, not just all but one sale, they also credited my account with several free TV shows (these could not be used with other types of iTS media, not eve HD TV Shows). That was better than I expected.

The great thing about CCs today is there is an inherent protection. Personally, I do all internet purchases from a low value CC just in case it does get stolen. I know I'll get it back but I also won't be inconvenienced by it. I simply pay it off the day I buy something, but that does mean my CC company has my bank info, so it's not a full proof plan, because they could get hacked.

Good plan. I never had a problem with their service. Not the same kind of example, but I once scratched off the code of a gift card completely. Service just asked me if there was any part of the number I could read, and then activated the card once I told them. It was fine.

Quote:
Originally Posted by hdang221 View Post

agreed. but i think you're missing my point. which is...iTunes is wrought w security issues. it's not about canceling my CC or who is suppose to credit me. when u open an iTunes acct you're required to give a CC number which of course u can remove but is it really that easy to hack into an itunes acct and steal that person's CC info? apple needs to address this..that's all.

This is a patently false statement. It's not "wrought with security issues." I say again...they have processed BILLIONS of transactions with relatively few problems. No one "hacked into the account" and stole your CC. They used your account by gaining access somehow. Your card happened to be attached.
It's no different than someone getting your bank login info. It's not the system itself.
I can only please one person per day.  Today is not your day.  Tomorrow doesn't look good either.  
Reply
I can only please one person per day.  Today is not your day.  Tomorrow doesn't look good either.  
Reply
post #38 of 72
I don't understand how these accounts are being "hacked." There is nothing in the story to suggest Apple has had a security breach.

This leads me to believe that the hacking in question is really just users doing stupid things with their account information. Or maybe they are Windows users that have some sort of malware on their system that sending out their information.

Plus, while I understand it is a convenience, you should never let a vendor hold onto your credit card information as these people obviously did. That is just stupid.

-kpluck

Do you use MagicJack?

The default settings will automatically charge your credit card each year for service renewal. You will not be notified or warned in anyway. You can turn auto renewal off.

Reply

Do you use MagicJack?

The default settings will automatically charge your credit card each year for service renewal. You will not be notified or warned in anyway. You can turn auto renewal off.

Reply
post #39 of 72
THE WORLD CAN BE AN EVIL PLACE
sometimes

i hope apple cracks down on all this fraud

go apple

9
whats in a name ? 
beatles
Reply
whats in a name ? 
beatles
Reply
post #40 of 72
HEY APPLE
why can't we limit the amount spent per period, say $25, week, day, or 100/ month

so we don't expose our accounts and credit cards

i'll switch to gift cards its a hassle, but their may be more out there

if this already exists, let me know how to set it.
I APPLE THEREFORE I AM
Reply
I APPLE THEREFORE I AM
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: iPod + iTunes + AppleTV
AppleInsider › Forums › Mobile › iPod + iTunes + AppleTV › iTunes App Store hit by developer and account fraud