Late last year, reports of hacked iTunes accounts and unauthorized purchases surfaced on Apple support forums.
People complained their accounts were compromised and their gift card balances drained by in-app purchases. Most cannot remember falling for a phishing scam and had no idea why or how the hijacking occurred.
It’s been a few months and these reports continue to grow. That original thread, once thought to contain only a few isolated incidents, is now 70 pages long as noted by The Global Mail. The sentiment on the thread has also changed from initial confusion about why this is happening to anger that Apple is not addressing this problem. Some even say Apple is aware of a security hole in iTunes and is deliberately trying to cover it up.
Apple has sidestepped this issue which only exacerbates the problem. When reached for comment, the company responded with a canned statement, “Apple takes precautions to safeguard your personal information against loss, theft and misuse, as well as against unauthorized access, disclosure, alteration and destruction. Apple online services such as the Apple Online Store and iTunes Store use Secure Sockets Layer encryption on all web pages where personal information is collected.”
No one knows why these unauthorized purchases continue to occur. Some posters note that many hacked accounts have in-app purchases from an app called, Kingdom Conquest. Others suggest it might involve Apple’s iTunes gift card algorithm which Chinese hackers cracked in 2009. It’s also possible some accounts may be hacked by an automated system which scans for accounts that are easy to compromise. Once an account is hijacked, the login details are either sold on the Internet or used to make purchases that go to a developer who will share the profit with the hijackers.