Feeds

back to article Apple account hijacks spread to developers

Account hijackers have targeted Apple iTunes for months, but now they're hitting Apple developers as well. Reg reader Andrew McAuley discovered that his iTunes account was hijacked after 150 unauthorised transactions, each valued at $42, appeared on his debit card bill. McAuley, a Brit who lives in the US, noticed the attack …

COMMENTS

This topic is closed for new posts.
Joke

PA announcement

"Webster Phreaky, will Mr Webster Phreaky please report for comment duty on this article, thank you."

0
0

They deserve it

If you use an easy to guess password to protect an important account like that then you deserve to get it stolen from you.

Wise up people and use decent passwords.

0
0
Silver badge

Not very secure

"Karppinen said that Apple emailed a reset password to a Yahoo email address not under his control after someone sent a one-line email full of grammatical errors to support staffers via a web support form."

So anyone can contact them, give someone elses account number, claim they lost access to their old email account and have everything changed over to their new fake one.

Someone back at apple needs a good kick up the arse.

0
0
Unhappy

Not an answer

One of the nifty things that I discovered in Ireland is the 3V card. Acts like a disposable visa card, every time you buy credit you are given a new visa number. It does make one more secure when buying from unknown or untrustworthy sites.

Although its not an answer. Apple should be more secure.

0
0
Silver badge
Paris Hilton

Huh?

What are they buying from itunes? DRM'd songs and TV episodes? Don't these idiots know that they can get the same stuff off bittorrent without resorting to credit card fraud?

Or am I missing something?

0
0

tip of the iceberg

this is the tip of the iceberg...all the combined apple os and safari vunerabilities...

0
0
Thumb Down

security?

yea cos when i think of online security the first thing that enters my head is apple

what does this say about a) the level of security awareness of apple staff; and b) the level of security awareness of apple users...

and what ever happened to email/https based confirmation when changing account details?

i will never use any of this retarded consumer [cr]apple tatt (does this make me a hateboi..?)

0
0
Pirate

.mac

This is one reason (apart from the ridiculous subscription fee) that I declined to open a .mac account with all its useful stuff like online storage, web gallery and remote desktop.

Even as a Mac owner I don't trust the buggers with security.

0
0
Paris Hilton

Well, at least...

... they didn't send the old password to the crook, but instead generated a new random password and sent that.

So even though it is bad amateurish practice to gleefully surrender peoples accounts to strangers like that, we know that at least a) the crook cannot get the original password which might be used elsewhere (like net banks) and b) you know something fishy is up when the password unexpectedly changes.

Paris, because she knows the importance of controlling who has access to what.

0
0
Happy

Wise up?

Oh, I'm sorry I guess a > 10 char length mixed alpha numeric password is a little easy to crack ;)

0
0
Alert

Inaccuracy

From the article:

"McAuley didn't suffer financially because his debit card was protected by a $0 liability guarantee. He doesn't store any card details on his UK account, which isn't covered by an equivalent indemnity. In the UK, credit card holders are only liable to the first £50 of any purchase."

It's a slightly confused paragraph which doesn't make it exactly clear what the situation is here - does Mr McAuley have two iTunes accounts (a US and a UK one), and the fraud was committed against his US account??

Regardless, UK credit card holders aren't liable for any fraudulent transactions that are committed on their credit card account.

0
0

@Mr. Vest Hansen

"Paris, because she knows the importance of controlling who has access to what."

Erm ... she, famously, lost the contents of her Blackberry account to the Internet, a couple of years back, illustrating that online storage of ANY sensitive information, including your address book and emails in your Blackberry account, is a not-ready-for-prime-time deal.

If it's not ONLY stored locally, there is an excellent chance your info will be compromised by those who are seeking info stored at any common location ... that includes .Mac, Blackberry, AOL and any shopping site where you told them to save your information because you absolutely MUST buy things so quickly that you can't be bothered to re-enter your information with each purchase. I know ... it's terribly inconvenient and slow to type in that credit card info, but it's one of the few things you can do to avoid situations like this.

0
0

Clarification

I have a UK and a US account. The fraud was against my US account. The US account had my Visa Debit card details stored against it. The REALLY weird thing was the hacker gifted the same music track 4,500 times to lots of different gmail accounts. Perhaps a hacker fan of this particular band trying to score a chart placing?

0
0
Linux

Or

Or as a PC would say to a Mac "Nice day for Phishing is it ? "

0
0

Apple security at its finest

Its like they haven't learned a thing from watching Microsoft's security blunders.

0
0
Stop

Apple installs software without permission

Yep that's right. If you really want to know how they are doing this, then they have the software to do it without having to go to apples website!! Apple installs the mobile me software to all windows platforms!! Check my article out for more information!!

http://www.tech-linkblog.com/2008/07/apple-installs-software-without-your-knowledge.html/

0
0
Boffin

@Goat Jam

iTunes is how *everything* from Apple gets distributed; apps, webcasts, etc. In theory, that's because every Mac has iTunes and it's easy to use the system to push out updates and such (that remain separate from the 'Software Update' under the Apple menu).

Several developers have had various gripes about the mechanism, but AFAIK it's always been seen as satisfactory - assuming Apple maintain control and adequate security. Seems that those assumptions may need a refresh.

0
0

It's time to try escallating the complaints

Even though the compromised accounts seems to represent relatively small amounts, perhaps it is time to try to get some assistance obtaining Apple's attention?

The FBI has an Internet Crime Reporting site at http://www.ic3.gov/default.aspx Since we all seem to have been victims of the same crime, if enough people report their issue it might become sufficiently significant for the FBI to do something other than watch old X Files reruns, and for Apple to take some affirmative action to correct this.

It may do something, or it may do nothing, but everything tried so far seems to be totally ineffective in obtaining Apple's cooperation or notice. Maybe we could at least get them to formally acknowledge that there is a problem.

0
0

It's not that simple.

"If you use an easy to guess password to protect an important account like that then you deserve to get it stolen from you.

Wise up people and use decent passwords."

This is an exceptionally simplistic and inappropriate comment (troll?).

I use 12 character, randomly generated hex passwords and they still get compromised the same day that I change them.

Apple's systems themselves are compromised, not the individual accounts. I would have thought that this is sufficiently obvious from all the posts for any intelligent person to realize.

0
0
This topic is closed for new posts.