According to a story which TheNextWeb broke over the holiday weekend, hundreds, if not thousands of iTunes accounts have been hacked over the holiday weekend, and a variety of methods used to ring up hundreds of dollars in fraudulent iTunes app store and music charges.
One developer, Thuat Nguyen, used the stolen accounts to apparently propel his apps to to filling 40 of the 50 top spots on the iTunes iBook section. The apps — mostly three series of books called Conan, Vien Ngoc Rong, and Thuy Hu — retailed for $4.99 a piece and have since been apparently removed from the app store by Apple.
Other apps — the Charismaist app, Wishii Network apps (which dominated 29 of the top 50 iPad Travel app spots), and developer Storm 8’s apps — reportedly have also been involved in the scheme.
Some users report lesser sums — around $150. Others report losing around $600. One user even reports, “Unlike what others have reported, we were taken for over $1400.00 on what looks like in-game credits for some game called World War at $160 a transaction and some music. Again, Appledid nothing to help but give the password reset advice and removing of the credit card info.”
Some users report getting a couple of small purchases, then being hit with a single extortionate purchase for a $90 or more app.
Apple is reportedly having a mixed track record when it comes to the problems. One iTunes user, redguitarfreak, posts on Twitter, “someone hacked my iTunes account info and downloaded about 120 bucks worth of apps. Got it all back though!”
Another Twitter user, YourNYDreamHome, reports a less fortunate experience, stating, “I’m ready to shoot someone at iTunes. Someone hacked by account and spent 100s of $s and they won’t let me talk to a REAL PERSON. Augh!!”
Apple has not officially responded to the problems. It’s unclear at this point how the hackers got their paws on the iTunes account passwords. It’s recommended that iTunes users remove credit cards numbers, for the time being, from their accounts (use gift cards instead) and change their passwords to more secure methods like long pass-phrases.
In separate, perhaps unrelated news, the internet’s top video site YouTube was also hacked over the holiday weekend. Hackers discovered that information enclosed in <script> tags at the beginning of a comments post, would be put onto the page — including redirects to shock pages, malware redirects, and obnoxious visual effects. Justin Bieber videos were among the first to be hit, reportedly.
Some are blaming the hackers at the message board 4chan for the attacks because of posts made referencing attacks to come over the weekend. It is unclear, though, exactly who masterminded the majority of the attacks on YouTube.
Google has responded to this issue, saying that it disabled comments temporarily while fixing the issue. A spokesperson states, “Comments were temporarily hidden by default within an hour [of discovering the problem], and we released a complete fix for the issue in about two hours. We’re continuing to study the vulnerability to help prevent similar issues in the future.”