This is a developing story, and not all of the facts are out yet, but if what is being reported on The Next Web and by developer Alexandru Brie turns out to be true, it may be prudent to stop reading this now and remove your credit or debit card from your iTunes account. I did, purely as a precautionary measure until this is sorted out.
The Next Web has been running a series of articles that detail how corrupt app developers have been using what they describe as “app farms” to hack into users’ accounts and purchase their own apps. Since the article was originally posted, the first developer mentioned, “Thuat Nguyen,” has been removed from the app store, but The Next Web is reporting several other suspiciously successful developers who may be running the same kind of scam. Several users are reporting unauthorized iTunes purchases in the comments.
In contrast, Arnold Kim wrote on MacRumors that the issue of hacked iTunes accounts is not new, and pointed to a running thread they’ve had open since January 2008. Kim notes that the Books category is one of the smallest, representing a tiny amount of sales compared to the millions of iTunes accounts.
Right now, there are a lot of unknowns, and some good reasons to be suspicious of how widespread the problem really is. We don’t know if the code of the app store has truly been hacked, or if the crooked developers have been using password guessing and targeting users with weak passwords. If the app store really has been “hacked,” then the strength of your password won’t matter, but I think this is unlikely. A brute force password-guessing attack goes after the weakest link: the users.
No matter how widespread the problem is, Apple should be taking it seriously. It is apparent that there are still holes in the curated “walled garden” and that the approval process, the overall problem of the app store, is still broken. How can these crooked, worthless apps get in, when some truly useful apps do not?
Post in the comments if you’ve seen any unauthorized charges on your iTunes account.