Never miss an update Follow AppleInsider
Wednesday, July 07, 2010, 08:15 am
Only 400 iTunes accounts compromised in fraud, Apple says
Apple this week revealed more details on an iTunes fraud case, in which one developer managed to boost their sales, revealing that just 400 iTunes accounts were compromised.Over the weekend, it was reported that some iTunes account holders were involved in a number of fraud cases. Just how many accounts were compromised, though, was unknown. Clayton Morris of Fox News reached out to Apple for comment, and reported the company's official word on his personal blog this week.
"Apple told me that an extremely small percentage of users, about 400 of the 150 million iTunes users - that is less than 0.0003% of iTunes users, were impacted," he wrote.
It's the second time this week that Apple spoke out publicly on the issue. The company had previously revealed that the developer whose sales were boosted, Thuat Nguyen, was banned from the App Store and his applications were removed.
Nguyen occupied over 40 of the top 50 applications in the App Store's books category with a number of Japanese manga titles. The books were listed under the name "mycompany" with the website "Home.com." Apple's official statement said that Nguyen was involved in "fraudulent purchase patterns."
The company also recommended that users review their iTunes and credit card accounts to ensure that no unauthorized activity has taken place.
In addition, Apple said its own servers were not compromised at all in the incident, but the company is taking steps to further protect consumers who may have had weak passwords compromised.
"Apple says that starting today they're implementing a new security feature to minimize this type of fraud in the future," Morris wrote. "Basically you'll have to enter your credit card's CCV code a little more often from now on."
On Topic: iTunes
- Penguin agrees to $75M settlement in Apple iBooks price fixing lawsuit
- Editorial: Apple's billions are building an empire for the future
- Gameloft's Gangstar Rio, N.O.V.A. 3 go free on iOS for a limited time
- Apple releases iTunes 11.0.3 with new MiniPlayer, improved Songs View
- Google's All Access music streaming service to take on Spotify, Pandora
Previous Comments View All
This sounds like bullcrap from Apple. How can 400 accounts make 40 books to jump into top 50 if we have over 150.000.000 iTunes accounts? Is 400 purchased copies enough to get to top selling?
Quote:
Originally Posted by gabberattack 
This sounds like bullcrap from Apple. How can 400 accounts make 40 books to jump into top 50 if we have over 150.000.000 iTunes accounts? Is 400 purchased copies enough to get to top selling?
This sounds like bullcrap from Apple. How can 400 accounts make 40 books to jump into top 50 if we have over 150.000.000 iTunes accounts? Is 400 purchased copies enough to get to top selling?
Because it's a time-dependent event. They measure sales over some small time period. Let's say that a top selling book sells 100,000 books in a year. That's under 300 per day. If they buy a single book from every one of those new accounts in the same day, it would jump to the top. It's really much easier to think about things rationally rather than accusing Apple of lying every time you don't understand something.
In reality, the numbers are probably even smaller. The data is somewhat older, but only 900,000 books OF ALL TITLES in the first month. I don't know how these 'book apps' fare compared to iBooks downloads, but it's likely that even 100 sales in a day would put you into the top ranking.
Quote:
Originally Posted by gabberattack
This sounds like bullcrap from Apple. How can 400 accounts make 40 books to jump into top 50 if we have over 150.000.000 iTunes accounts? Is 400 purchased copies enough to get to top selling?
This sounds like bullcrap from Apple. How can 400 accounts make 40 books to jump into top 50 if we have over 150.000.000 iTunes accounts? Is 400 purchased copies enough to get to top selling?
I would love to hear how your two questions relate to you opening statement.
It sounds like you have come to a conclusion without any comprehension of the subject in question or really wanting to know the answer at all.
My hat's off to jragosta for trying. Not that it would matter. IMO.
BTW Jragista, you're right on re your first comment.
I'm curious how Apple came to the conclusion their statement implies: That weak user passwords is the sole vulnerability that was exploited. I certainly wouldn't argue against it being the most likely cause. Probably far more than 400 out of any set of 150 million people would unwisely choose to use weak passwords even if the account ties to their credit card. But how do they know? Was it simply a process of elimination - "We verified that our servers weren't compromised so it must have been guessed passwords," - or do they have some evidence that Thuat used a password cracker program? I hope its more than the former because its pretty tough to prove the negative that servers weren't compromised.
Since this is a fraud case, is the FBI going to investigate?
ONLY?
wtf, guys.
Quote:
Originally Posted by jeffreytgilbert
ONLY?
wtf, guys.
ONLY?
wtf, guys.
When compared to 150 million users I think "only" is the proper adjective
Thankfully mine was not breached.
Woops I guess this horse was already beaten. Forget what i said.
Quote:
Originally Posted by gabberattack
Is 400 purchased copies enough to get to top selling?
Is 400 purchased copies enough to get to top selling?
Actually, yes. Book sales are still VERY low at this point, it doesn't take much at all to make the charts. Previous articles have covered this.
Quote:
Originally Posted by heulenwolf
I'm curious how Apple came to the conclusion their statement implies: That weak user passwords is the sole vulnerability that was exploited.
I'm curious how Apple came to the conclusion their statement implies: That weak user passwords is the sole vulnerability that was exploited.
As you said, they didn't actually say that, you just assumed it was implied. I would think it wouldn't be hard to tell if the servers were actually hacked versus things like guessing passwords. Especially if Apple can check the passwords of the hacked accounts and see if many of them were weak passwords.
Quote:
Originally Posted by jeffreytgilbert
ONLY?
wtf, guys.
ONLY?
wtf, guys.
Out of 150 million accounts, 400 isn't many at all. About three ten thousandths of a percent. I bet there are a LOT more than that that have the password "password". And I'd bet many other sites like credit cards, other online stores, etc have at least that high a percent of accounts hacked. While hacked accounts are a bummer, what exactly do you expect apple to do, test passwords and require ones that aren't weak? Which of course would just lead to more whining from a different group of people...
Quote:
Originally Posted by sheff
But its interesting that you only need 400 people to buy an app to become #1 on iTunes.
But its interesting that you only need 400 people to buy an app to become #1 on iTunes.
That's because in this case they aren't apps, they are books which are much newer and not selling nearly as many yet. The article is a bit confusing on this one.
Only 400 iTunes accounts compromised in fraud, Apple says
"Only...," tell that to one of the 400 that it is only. I am sure no one here would want to be one of the "only."
Hopefully Apple takes steps to fix this long term and plugs other holes. If they're not already they should hire pro-hackers to help them spot issues.
Latest Apple Headlines
-
iPad shipments could see first ever year-on-year decline in Q2, analyst says
~15 hours ago -
Google's Motorola issues second appeal of dismissed ITC case against Apple
~17 hours ago -
iPhone urinalysis app draws scrutiny from FDA
~18 hours ago -
South Australia's first Apple Store draws line hours ahead of opening [update: photos and video]
~18 hours ago -
Best Buy to offer $50 off all iPhone 5 & 4S models starting Sunday
~21 hours ago - more...
Want to write for AppleInsider? Submit your application now!
Lowest Prices Anywhere!
| Model | Price | You Save |
|---|---|---|
| Core i5 MacBook Pros w/ Retina | ||
| 13" 2.5GHz/8GB/128GB | $1,406.48 | $292.52 |
| 13" 2.5GHz/8GB/256GB | $1,479.99 | $519.01 |
| 13" 2.5GHz/8GB/512GB | $1,699.99 | $799.01 |
| Core i7 MacBook Pros w/ Retina | ||
| 13" 2.9GHz/8GB/256GB | $1,599.99 | $599.01 |
| 13" 2.9GHz/8GB/512GB | $1,799.99 | $899.01 |
| 15" 2.3GHz/8GB/256GB | $1,899.99 | $299.01 |
| 15" 2.6GHz/8GB/512GB | $2,299.99 | $568.01 |
| 15" 2.7GHz/16GB/768GB | $2,699.99 | $499.01 |
| Model | White | Black | |
|---|---|---|---|
| iPad mini (WiFi only) | |||
| 16GB WiFi |  |
$329.99 | $329.99 |
| 32GB WiFi | |
$429.99 | $429.99 |
| 64GB WiFi | |
$529.99 | $529.99 |
| iPad mini (WiFi + 4G) | |||
 |
 |
 |
|
| 16GB 4G White | $459.99 | $459.99 | $459.99 |
| 32GB 4G White | $559.99 | $559.99 | $559.99 |
| 64GB 4G White | $659.99 | $659.99 | $659.99 |
| 16GB 4G Black | $459.99 | $459.99 | $459.99 |
| 32GB 4G Black | $559.99 | $559.99 | $559.99 |
| 64GB 4G Black | $659.99 | $659.99 | $659.99 |
First!
'customers who had weak passwords compromised'.
I guess now we'll hear from all the people who think Apple should look over your shoulder while you select a password and make sure the password meets Apple's standards.
After that, we'll hear from all the people protesting Apple's interference in your selecting any password you want - no matter how weak it is.
After all, we all know that whatever happens, it's Apple's fault (unless something good happens, and then it's clearly not Apple's doing).