INTERACT FORUM

Devices => Apple iPad, iPhone, iPod, Airplay => Topic started by: JimH on July 07, 2010, 01:16:54 pm

Title: Apple iTunes accounts were compromised
Post by: JimH on July 07, 2010, 01:16:54 pm

From CNET

"Apple on Tuesday said it has taken steps to remedy a situation that arose over the weekend with one of its iPhone developers, who it said used other people's iTunes accounts to purchase his apps."

"Despite that, Apple said the iTunes servers were not compromised. "An extremely small percentage of users, about 400 of the 150 million iTunes users--that is less than 0.0003 percent of iTunes users--were impacted," an Apple representative said."

Full article:
http://news.cnet.com/8301-13579_3-20009802-37.html?tag=newsEditorsPicksArea.0

Title: Re: Apple iTunes accounts were compromised
Post by: Frobozz on July 08, 2010, 09:09:08 am

The Windows Secrets online newsletter that arrived today has a similar article:
iTunes account theft strikes close to home (http://windowssecrets.com/comp/100708/)

She's an IT professional.  Not ignorant of security.  Likely doesn't have a password stealing trojan on her computers.  So how are they attacking accounts?  Brute force?  Man in the middle?  Hijacked routers?  Insiders at an ISP?  Insiders at Apple?  Phishing?  An exploit against the iTunes application?  A weakness in the iTunes application security methods?  I was assuming password stealing malware, but that may not be it.  Maybe a weakness or exploit against the iTunes app instead?

Certainly doesn't give a warm fuzzy feeling about Apple's security measures.  Something's weak.

I have no automatic payment method associated with my iTunes account.