iTunes App Store hit by developer and account fraud


  • Reply 21 of 71
    ...accounts are widely being compromised by organized attacks based in China, where crackers obtain the account information of legitimate users...







    Now how does he know these people are white?
  • Reply 22 of 71
    Quote:
    Originally Posted by hdang221 View Post


    all i can say i was a victim of fraud through apple iTunes. someone stole my acct info and downloaded nearly $500 worth of apps/music. i contacted apple and surprisingly they have NO CUSTOMER SERVICE for itunes related fraud activities. i spoke to some guy who was handling laptop issues. he was very polite and helpful but unfortunately i was told apple does not credit or give your money back due to fraudulent activities. I'm like WTF?!?!?! my bank did their own investigation and credited my account. no thanks to apple.



    unless apple does something to make iTunes more secure i am not buying another single thing off that app.



    i highly recommend anyone who has their CC info stored on that app to delete it or use gift certificates. iTunes is NOT a secure downloading app by any means.



    Quote:
    Originally Posted by hdang221 View Post


    and thank you for writing this article. this is a serious issue since i was a victim and apple honestly did ABSOLUTELY NOTHING about my problem except turn off my account. i also filed a complaint with the consumer protection org. FTC.



    this is a huge security issue which they won't admit or anyone has really made public. great article.



    second that. I had the same problem. Somebody should write to Steve Jobs about this to take this seriously. This is such nonsense that I have to go through that there wasn't even a phone number to call. I ultimately figured out a phone number and way to contact the customer department, and then through him to manager who generated a case id and promised it will be taken care of.



    Quote:
    Originally Posted by NasserAE View Post


    No one will because it is your bank's job to do so. I left my Visa debit card at a restaurant once and came back the next morning and picked it up. Few months later my card was used to buy software online for more than $300. I called the bank and they put the money back into my account and issued me a new card. I didn't even bother calling the software seller.



    This is ultimately what I did too. Called CC to change credit card; start a dispute charge case and let them take care of it. meanwhile, as someone suggested here use those 1 time credit card use number that you can generate with many of visa and master cards. Set it to something like $39 (since this >$40 is what apple looks for; and exactly this is what happened to me - multiple 40-ish charges) and an expiry date.



    My cc company ultimately refunded it and is taking care of contacting Apple to get their share of money, if they even can from the greedy (n rotten) Apple.
  • Reply 23 of 71
    solipsism Posts: 25,726 member
    Quote:
    Originally Posted by dadsgravy View Post


    ...accounts are widely being compromised by organized attacks based in China, where crackers obtain the account information of legitimate users...



    Now how does he know these people are white?



    Assuming your comment was a real question posing as a joke...

    Quote:
    Originally Posted by Wikipedia


    A black hat hacker, sometimes called "cracker", is someone who breaks computer security without authorization or uses technology (usually a computer, phone system or network) for vandalism, credit card fraud, identity theft, piracy, or other types of illegal activity



  • Reply 24 of 71
    Quote:
    Originally Posted by solipsism View Post


    Of course they can credit your card back. If they can take money from your card they negate those charges too. It's part of the system.



    It sounds like your credit card data itself was hijacked, not just your iTunes Store account. That means it's not Apple's responsibility, it's for your CC company to delete and to remove all funds. Whether that is what happened or not, it does seem like that is what Curtis thought. Note, my anecdote was about Apple refunding my charges, not needing to cancel a CC.



    my CC was hijacked from my iTunes acct..... so it's still apple's responsibility. they're the one storing my info and allowing someone to have access to and illegally using it. it's no different than walking into a store and the cashier stealing your CC info and making illegal charges. the store is still responsible.. in this case Apple. they're providing a service so protect the consumers.
  • Reply 25 of 71
    solipsism Posts: 25,726 member
    Quote:
    Originally Posted by hdang221 View Post


    my CC was hijacked from my iTunes acct..... so it's still apple's responsibility. they're the one storing my info and allowing someone to have access to and illegally using it. it's no different than walking into a store and the cashier stealing your CC info and making illegal charges. the store is still responsible.. in this case Apple. they're providing a service so protect the consumers.



    But the card still needs to get canceled. Your creditor may have charged Apple since the breach came from their end, but I have a feeling both are well insured and protected in these matters, just as you are.



    Either way, since it looks like your CC data was itself compromised, not just some kid gifting himself some apps, you have to have the card canceled. Do you really want a 3rd-party company to be able to call up your creditor, close your card canceled and have a new one shipped to you in 5-7 business days? I sure don't. That is fraught with potential issues.
  • Reply 26 of 71
    Quote:
    Originally Posted by solipsism View Post


    But the card still needs to get canceled. Your creditor may have charged Apple since the breach came from their end, but I have a feeling both are well insured and protected in these matters, just as you are.



    Either way, since it looks like your CC data was itself compromised, not just some kid gifting himself some apps, you have to have the card canceled. Do you really want a 3rd-party company to be able to call up your creditor, close your card canceled and have a new one shipped to you in 5-7 business days? I sure don't. That is fraught with potential issues.



    agreed. but i think you're missing my point. which is...iTunes is wrought w security issues. it's not about canceling my CC or who is supposed to credit me. when u open an iTunes acct you're required to give a CC number which of course u can remove but is it really that easy to hack into an itunes acct and steal that person's CC info? apple needs to address this..that's all.
  • Reply 27 of 71
    solipsism Posts: 25,726 member
    Quote:
    Originally Posted by hdang221 View Post


    agreed. but i think you're missing my point. which is...iTunes is wrought w security issues. it's not about canceling my CC or who is supposed to credit me. when u open an iTunes acct you're required to give a CC number which of course u can remove but is it really that easy to hack into an itunes acct and steal that person's CC info? apple needs to address this..that's all.



    That is a separate issue than originally presented which I think Curtis was clearly correct. I agree that it's inconvenient, but security is always inconvenient.



    I agree that they should take better steps to protect your data, but I personally don't know what they are or how well they protect it. I think they have over 300M CC numbers on file so I can see why that would be a huge target to thieves. Even if they have the best system on the planet (which I doubt they do), that doesn't mean they can't improve upon it or that there are still going to be holes and the occasional hacks.



    Besides having a CC card specifically for internet purchases I also use 1Password with unique passwords at 32 characters, if the system will allow it. Oddly, and perhaps ironically, my bank and CC companies have really low character and type of character limits on passwords. Those are precautions on my end, and surely won't help if the hack is on the backend of the system, but at least I know nothing else in my life will be compromised if it happens. I even have a PO Box specifically so my home address isn't used. Maybe I'm taking it too far.
  • Reply 28 of 71
    cvr Posts: 5 member
    The credit-card fraud scheme described in the article sounds real enough, but the claim that developers somehow have scammed Apple into listing this manga at the top is not backed up at all in the article. If a bunch of Chinese teenagers go on a 'feeding frenzy' in the store, it is no wonder that manga, good or not, ends up in the top 50. Especially if the category is a slow one to begin with, and the teenagers are in a hurry to rake in as many goodies as they can before they are found out. No further explanation is necessary.



    It is entirely possible that this particular manga violates intellectual property rights, and this manga may even be squarely aimed at these fraudulent teenagers, but that still doesn't prove that the Apple store is somehow hacked by the developers. Also, I note that the individual episodes of this manga have their own icon, which elevates these entries above the bottom-feeding shovelware in the app store that only has a generic icon. This suggests they were intended as legitimate (although perhaps not legal) apps.
  • Reply 29 of 71
    ascii Posts: 5,936 member
    Quote:
    Originally Posted by hdang221 View Post


    here's the response i got back from apple. and it clearly does not state any compensation, crediting, etc.. so it's up to you and your bank in the end. my point is iTunes has serious security issues if someone is hacking your acct and actually getting your CC etc..



    It's the normal thing, when your credit card is hijacked, to sort it out with the credit card company not the retailer, this is not an Apple policy but an industry wide one.



    Normally you ring your CC company and tell them you did not buy item X on your statement and you refuse to pay for it, then they sort it out with the retailer. It's one of the services they provide, dealing with the retailer for you.
  • Reply 30 of 71
    ascii Posts: 5,936 member
    Quote:
    Originally Posted by Prof. Peabody View Post


    I wish Apple would just stop the entire practice of selling "apps" that are actually books. There already exist multiple online bookstores for those that have the legal rights to publish a book and the "books" apps just junk up the store.



    I agree, it's confusing for the users having books in iBooks and also books as apps. Unless there is a significant amount of interactivity or animation they should refuse submissions.
  • Reply 31 of 71
    hill60 Posts: 6,992 member
    It sounds like a pretty dodgy credit card company if they are this forthcoming with their inner workings.



    Either that or you are a full of shit, bandwagon jumper.



    Quote:
    Originally Posted by iPoodOverZune View Post


    My cc company ultimately refunded it and is taking care of contacting Apple to get their share of money, if they even can from the greedy (n rotten) Apple.



  • Reply 32 of 71
    hill60 Posts: 6,992 member
    The breach could also come from compromised PC's with keyloggers that pass iTunes account info on from infected computers that are part of a botnet.



    It would be interesting to see how many affected users are using OSX vs Windows versions of iTunes.



    Quote:
    Originally Posted by solipsism View Post


    But the card still needs to get canceled. Your creditor may have charged Apple since the breach came from their end, but I have a feeling both are well insured and protected in these matters, just as you are.



    Either way, since it looks like your CC data was itself compromised, not just some kid gifting himself some apps, you have to have the card canceled. Do you really want a 3rd-party company to be able to call up your creditor, close your card canceled and have a new one shipped to you in 5-7 business days? I sure don't. That is fraught with potential issues.



  • Reply 33 of 71
    quadra 610 Posts: 6,757 member
    http://forums.macrumors.com/showthread.php?t=960064







    Reports of 'App Store Hacked' Greatly Exaggerated



    Earlier today a report on TheNextWeb claimed that the App Store had been hacked and that a rogue developer had gamed the system by artificially driving sales to their eBooks. The rise in ranks were noted by competing developers who thought the rise strange given that the books all represented poorly coded Vietnamese-based books.



    A couple of reviews left on one of the books revealed that at least two customers had their iTunes accounts compromised to purchase the books. This led to theories that a widespread attack specifically tied to this developer could be the cause of the rise in ranks. Which then led to a cascade of headlines suggesting that everyone's iTunes account was suddenly vulnerable to a coordinated attack. While we do believe that this developer had been trying to game the iTunes ranking system, it's hard to believe that their efforts affected more than a few hundred accounts worldwide.



    The Book category in which we found these apps (note, they've been pulled from the App Store) is one of the lowest trafficked categories in the App Store. Based on sales reports we've received from developers, the number of daily sales required to hold a book in the #10-#50 rank seems to range from 50-250 sales a day. That means that even if every sale was based on a compromised account, the actual number of accounts involved are minuscule compared to the 100 million active iTunes accounts.



    Now, on a separate note, the issue of hacked or compromised iTunes accounts is a major issue, and one not to be dismissed. However, this issue has been ongoing for years and we're not convinced there has been a major spike in activity. iTunes accounts are easy targets since they are so common. In our forums we have had a running thread on the topic since January 2008. A few reports appear every few months. There do seem to be a higher number of reports arising the past day or two of other iTunes accounts being hacked. It's certainly possible there has been an acute rise in the past few days, but the added press coverage will certainly attract more stories. Meanwhile, a blog post from 2009 similarly attracted a number of "me too" reports.



    It's still a good idea to make sure your accounts are safe, and especially important to make sure you have good (and different) passwords on all your sensitive accounts. Common mistakes include easy to guess passwords and shared passwords across multiple accounts.

  • Reply 34 of 71
    Quote:
    Originally Posted by Quadra 610 View Post


    While we do believe that this developer had been trying to game the iTunes ranking system, it's hard to believe that their efforts affected more than a few hundred accounts worldwide.

    ...

    Now, on a separate note, the issue of hacked or compromised iTunes accounts is a major issue, and one not to be dismissed.



    Comforting?



    Consider also:



    Quote:

    This article began with details of one specific app developer hacking iTunes users accounts and purchasing their own apps using those accounts – making it to the top of the iTunes charts. As the story has developed it appears to be far more widespread than just that one particular developer and his apps…the Apple App store is filled with App Farms being used to steal.



    http://thenextweb.com/apple/2010/07/...-store-hacked/



    Quote:

    As the story of iTunes accounts being hacked continues to develop, we’ve come across a number of what we would call “App Farms” in iTunes being used to scam users out of their money.



    Despite a claim that we’re exaggerating the gravity of the entire situation, let’s show you a few examples of these app farms and you can judge for yourself. ...



    http://thenextweb.com/apple/2010/07/...al-your-money/
  • Reply 35 of 71
    sensi Posts: 346 member
    Quote:
    Originally Posted by NasserAE View Post


    Selling paid apps in the app store is not as easy as you think. Developers are required to supply real bank account numbers. Apple take the time to verify the information, sometimes weeks, before a developer can sell paid apps in the app store.



    Beside the money from apps will take 30 days from the close of the billing period to be released to the developer. For example, money from this month sales will reach developers on or after August 1st. This gives Apple advantage in case something like this happens.



    Actually I have no clue how it works, thus thank you for your explanation.
  • Reply 36 of 71
    sdw2001 Posts: 18,012 member
    Quote:
    Originally Posted by DaHarder View Post


    "It Just Works"...



    I take it that's a dig at Apple? iTunes always just worked for me.



    Quote:
    Originally Posted by hdang221 View Post


    all i can say i was a victim of fraud through apple iTunes. someone stole my acct info and downloaded nearly $500 worth of apps/music. i contacted apple and surprisingly they have NO CUSTOMER SERVICE for itunes related fraud activities. i spoke to some guy who was handling laptop issues. he was very polite and helpful but unfortunately i was told apple does not credit or give your money back due to fraudulent activities. I'm like WTF?!?!?! my bank did their own investigation and credited my account. no thanks to apple.



    unless apple does something to make iTunes more secure i am not buying another single thing off that app.



    i highly recommend anyone who has their CC info stored on that app to delete it or use gift certificates. iTunes is NOT a secure downloading app by any means.



    Sorry for what happened, but it is clearly a secure downloading app. "Secure" does not mean fraud never happens. iTunes processes millions of transactions. They process something like 1,000,000 music tracks and 50,000 movies per DAY. It's actually incredibly secure. Your credit card info itself was not in jeopardy through iTunes. It's the account that got hacked or someone guessed/obtained your password. That's all.



    Quote:
    Originally Posted by hdang221 View Post


    and thank you for writing this article. this is a serious issue since i was a victim and apple honestly did ABSOLUTELY NOTHING about my problem except turn off my account. i also filed a complaint with the consumer protection org. FTC.



    this is a huge security issue which they won't admit or anyone has really made public. great article.



    and then....



    Quote:
    Originally Posted by NasserAE View Post


    No one will because it is your bank's job to do so. I left my Visa debit card at a restaurant once and came back the next morning and picked it up. Few months later my card was used to buy software online for more than $300. I called the bank and they put the money back into my account and issued me a new card. I didn't even bother calling the software seller.



    Nasser...EXACTLY. This is not Apple's problem. They turned off his account. That's what they should have done.





    Quote:
    Originally Posted by solipsism View Post


    Sure they do (give your money back), but the type of activity can limit what they can do. Their Support area is through your iTunes account. You can check your history and report a problem. I've used it several times over the years with great success.



    Once I was gifting a TV Show and it kept timing out on the purchase. I kept trying until it went through. My card was later charged for multiple attempts even though the recipient only received one email for the gift. Apple refunded all my money, not just all but one sale, they also credited my account with several free TV shows (these could not be used with other types of iTS media, not even HD TV Shows). That was better than I expected.



    The great thing about CCs today is there is an inherent protection. Personally, I do all internet purchases from a low value CC just in case it does get stolen. I know I'll get it back but I also won't be inconvenienced by it. I simply pay it off the day I buy something, but that does mean my CC company has my bank info, so it's not a foolproof plan, because they could get hacked.



    Good plan. I never had a problem with their service. Not the same kind of example, but I once scratched off the code of a gift card completely. Service just asked me if there was any part of the number I could read, and then activated the card once I told them. It was fine.



    Quote:
    Originally Posted by hdang221 View Post


    agreed. but i think you're missing my point. which is...iTunes is wrought w security issues. it's not about canceling my CC or who is supposed to credit me. when u open an iTunes acct you're required to give a CC number which of course u can remove but is it really that easy to hack into an itunes acct and steal that person's CC info? apple needs to address this..that's all.



    This is a patently false statement. It's not "wrought with security issues." I say again...they have processed BILLIONS of transactions with relatively few problems. No one "hacked into the account" and stole your CC. They used your account by gaining access somehow. Your card happened to be attached.

    It's no different than someone getting your bank login info. It's not the system itself.
  • Reply 37 of 71
    kpluck Posts: 500 member
    I don't understand how these accounts are being "hacked." There is nothing in the story to suggest Apple has had a security breach.



    This leads me to believe that the hacking in question is really just users doing stupid things with their account information. Or maybe they are Windows users that have some sort of malware on their system that is sending out their information.



    Plus, while I understand it is a convenience, you should never let a vendor hold onto your credit card information as these people obviously did. That is just stupid.



    -kpluck
  • Reply 38 of 71
    brucep Posts: 2,823 member
    THE WORLD CAN BE AN EVIL PLACE

    sometimes



    i hope apple cracks down on all this fraud



    go apple



    9
  • Reply 39 of 71
    nofeer Posts: 2,427 member
    HEY APPLE

    why can't we limit the amount spent per period, say $25, week, day, or 100/ month



    so we don't expose our accounts and credit cards



    i'll switch to gift cards it's a hassle, but there may be more out there



    if this already exists, let me know how to set it.
  • Reply 40 of 71
    chris_ca Posts: 2,543 member
    Quote:
    Originally Posted by iPoodOverZune View Post


    My cc company ultimately refunded it and is taking care of contacting Apple to get their share of money, if they even can from the greedy (n rotten) Apple.



    You think Apple is greedy and your CC company is somehow a saint?

    Read your credit card agreement and you will see that you agreed to contact your CC company for all disputes. It is up to them to contact the retailer for any charges you do not agree with.

    Keep in mind CC company gets 2%-3% from the retailer for every single charge (in addition to any interest you pay on your account). This money is used to guarantee payment to the retailer.

    This is why CC cards are so easy to use everywhere. As long as the retailer gets approval for the purchase from the CC company that your card is still valid, they will get paid.