Skip to navigation
Latest News

Apple under fire as hacked iTunes complaints swell

aaple

By Stewart Mitchell

Posted on 7 Jun 2011 at 09:27

Apple is facing mounting criticism as a possible iTunes hack attack has seen customers' gift certificate accounts drained.

Several pages on Apple's forums highlight the security flaw, with dozens of users blaming a Sega app called Kingdom Conquest for removing funds – even if they have never downloaded the game. Various other apps have also been blamed for draining accounts using a similar technique.

It's unclear at this stage whether the action is the result of a widespread hack on iTunes or whether individual accounts have been hacked, but more consumers appear to be falling victim to the attack.

From the number of postings here, obviously, Apple has a big problem with either account security, in-app purchase fraud, or both

The hack changes users' billing addresses and uses games and in-app purchases to syphon money, with victims being advised to deactivate their computers and change passwords – and one post relating to the problem now runs to 24 pages on Apple's own site.

The problem appears to have been active since late last year, but the number of complaints has swelled dramatically since May, and some victims claim to have been attacked more than once.

"My wife and I had our iTunes gift card credits stolen this week by in-app purchases," posted Michael from Colorado. "Two purchases wiped out $22.98 in credit and the app had not been installed on any of our devices.

"From the number of postings here, obviously, Apple has a big problem with either account security, in-app purchase fraud, or both," he added.

Seeking answers

What has really infuriated users, however, is that Apple appears to know about the problem, and has in many cases refunded money to victims, but has yet to address the underlying issue or explain how the attacks are taking place.

“The latest response after I filed my report? My account has been re-enabled, all computers are de-authorised, change your password/security question... again, re-authorise your current computer,” said MomawNadon78. "Nothing regarding the actual security issue. I won't be tying any cards to iTunes nor purchasing anything from iTunes if this kind of security loophole or breach is not fixed." 

From customer feedback, Apple seems to be suggesting that the problem is limited to isolated attacks on individual accounts - as it has with similar attacks last year - but posters have questioned whether so many accounts could have been compromised at the same time without a wider vulnerability.

“This is the first time I have had any of my accounts hacked after more than 15 years in IT,” read another forum post.

“It seems unlikely to me with the timing on these posts that brute-force hacks just so happened to nail large numbers of accounts simultaneously - especially with the many people stating they have complex passwords.”

Sega responds

Apple has yet to respond to requests for information on the case, leaving users to speculate on the scale and severity of the issue, but Sega has confirmed it is investigating the reports.

“It is very likely that your iTunes account has been stolen and is being used by someone else to purchase items in this game," the company said in its forum.

"We are currently investigating this claim as well as some others, but since we have no access to any customer's iTunes account information or transaction histories we highly recommend contacting Apple directly.

“Allow me to state very clearly that Sega and Kingdom Conquest are not acting maliciously in any way. It is in no way possible for this game to charge an iTunes account without someone installing the app, logging into that iTunes account with valid credentials and then choosing to make a purchase.”

Subscribe to PC Pro magazine. We'll give you 3 issues for £1 plus a free gift - click here
User comments

I find it ironic that there's this issue going around just as apple announced they plan to increase the use of DD and the cloud.

By tech3475 on 7 Jun 2011

So is this Microsoft's fault?

Anyone?

By everton2004 on 7 Jun 2011

Sony or Other?

Would be interesting to know how many of these are also customers of Sony, or other companies that have been hacked recently. With the list of emails and passwords, I'll bet there are plenty that overlap with iTunes accounts.

By MJ2010 on 7 Jun 2011

@everton2004

Wait till SwissMac wakes up ;>

By Josefov on 7 Jun 2011

What's the current status of this?

ApCon1: Apple deny there's a problem
ApCon2: Apple admit problem but blame users
ApCon3: Apple admit it's down to them but say it's a 'feature' and they won't be doing anything about it.
ApCon4: Apple climb down and fix the problem.

By qpw3141 on 7 Jun 2011

@qpw3141
LOL!

By sandman652001 on 7 Jun 2011

@qpw3141

ya missed one...
ApCon5: Apple release plastic/rubbery protector that you need to put around your credit card to stop interference.....

By CraigieDD on 7 Jun 2011

Sall we lay bets as to what line SwissMac is going to take?

i reckon its his usual "I think Microsoft are worse therefore Apple's actions are perfectly OK"

By Aspicus on 7 Jun 2011

@Josefov; @qpw3141; @CraigDD; @Aspicus

I think that you are all being very mean to poor old SwissMac. He really does believe that this is all a conspiracy by Microsoft. Shame on you for trying to disillusion him. /sarcasm off.

:) LOL

By jontym123 on 8 Jun 2011

Leave a comment

You need to Login or Register to comment.

(optional)

advertisement

Latest Blog Posts Subscribe to our RSS Feeds
Latest ReviewsSubscribe to our RSS Feeds
Latest Real World Computing

advertisement

Sponsored Links
 
SEARCH
Loading
WEB ID
SIGN UP

Your email:

Your password:

remember me

advertisement


Hitwise Top 10 Website 2010
 
 

PCPro-Computing in the Real World Printed from www.pcpro.co.uk

Register to receive our regular email newsletter at http://www.pcpro.co.uk/registration.

The newsletter contains links to our latest PC news, product reviews, features and how-to guides, plus special offers and competitions.