A rogue app developer, Thuat Nguyen, has been hacking into hundreds of iTunes accounts - to buy his own apps and boost his ratings.
Vietnam-based Thuat Nguyen is thought to have used the accounts to purchase his own rip -off Japanese Manga comic book propelling the App to the top of the iTunes book chart. At one point, Nguyen's comics held 42 of the top 50 US chart places.
The developer decided he could generate wealth by manipulating accounts and boosting his apps' chart ranking, consequently encouraging other users to buy them as well. One account holder lost £920 in the scam, which has yet to be refunded.
Rivals soon became suspicious of the App, when high volumes of the copyright-breaching App were downloaded, all with simple, generic positive reviews, such as: 'Good, this story is very interesting".
Graham Cluley of 'Internet Security Company' said, "People need to be careful about their passwords and always keep an eye on their recent account history".
The iTunes application has come under fire in recent weeks and has been subjected to mass organised hack attacks originating in China.
According to Apple, the iTunes servers were not compromised and Nguyen did not get any confidential information when his apps were downloaded.
However, Apple has not exposed how Nguyen manipulated the data, sparking speculation that he hacked into user accounts to make unauthorised purchases. Detailed guides to hacking iTunes accounts have even been recently published online, undermining Apple's claims that its store is a moderated, secure marketplace.
The company insists that neither App Store nor iTunes users' information is at risk as a result of Nguyen's activities and is also tightening security on App Store purchases, such as increasing the number of times users are asked to enter the card verification number.
Nguyen has now been banned from the store, said Apple, which told users to ask their banks for refunds. But Apple has cautioned its customers to be wary of suspicious transactions and recommended that they change account passwords immediately and cancel credit cards if they suspect fraudulent purchases were made.
Apple's App Store, Google's YouTube and Wikipedia were among several top sites to be disrupted on US Independence Day, but no definite connections have been established between them.
Return to security news headlines
View Security News Archive