This is the Books category in the iPhone App Store, and these are the top paid apps in that category. Notice something weird? There’s a developer who has 40 apps (!) in that chart, and all of them are badly coded Vietnamese comics (manga) apps based on stolen intellectual property (Conan, Dragon Ball).
How is this even possible?
Many users are reporting that their iTunes accounts got hacked, and they found themselves new owners of these applications. Take a look at a screenshot from The Next Web:
Another iPhone developer, the one that first found out about this Vietnamese dev, reports:
“The developer itself doesn’t seem to be legit – both the company site and support page are missing, no reference of them could be found on Google.
It’s statistically impossible that out of 41 book apps of a developer (he also has one game in his 42 apps portfolio), all of them are in top 50 paid books US, having been published on the same days (most of them on April 16, others on April 20 and the rest on April 22).
The Conan 3 book does have other *extremely* positive reviews written in poor english; none of the other 41 books has any reviews; had the positive ones been legit, other apps should have some kind of reviews as well. But they don’t, so it might be that Conan 3 positive reviews were written by their developer(or his partners), in an attempt of diverting attention from the real issue.”
It really looks like this guy somehow managed to obtain account information from some users, release 42 apps and buy them using those accounts – thus making it to the top of the charts. We’ll keep you posted about this, but in the meantime I suggest you change your iTunes password and check on your bank / Paypal account activity.
UPDATE #1: It looks like changing your password might not be enough. It’s highly recommended to change your payment method to “None”, at least as a temporary solution until Apple acknowledges the problem and finds a solution.
UPDATE #2: From a thread on MacRumors forums:
“I also received a receipt via email on my “Purchases” on 7/2/10. I made the mistake of storing my debit card on the itunes store app. I have run into the exact same responses that other users are reporting–only email as a method of contact.
That response was to tell me how to change passwords, etc. – stock answers and to also tell me of no refunds. I was an internet technician for years so the iTunes advise was second nature for me but with little hope for “fixing” the issue since I believe that the breach was on the iTunes server.
Thankfully, I carry a smartphone with my email setup on it, so I received the invoice quickly. Most of the 15 purchases where for items that I don’t even own i.e. iphone (I have a blackberry) and ipod (I’m 47 and I still use a radio for my music). I was able to verify the $70.15 charge via mobile banking and immediately called my bank. The transaction was in the processing stage and I think my bank was able to refuse it–I’ll see after the holiday weekend. With my card canceled, the additional $20+ charge was unable to be authorized. “
“Yesterday my credit union contacted me saying there was suspicious activity on my debit card. Sure enough over 10 transactions in the $40-$50 area all on iTunes equaling to $558. This is definitely a problem, since then I’ve e-mailed MSNBC hoping they’ll pick up the story and investigate this problem.”
UPDATE #3: MacStories reader Brad Buchanan had similar problems:
“He rang my dad up for $300 in a matter of hours.
Six iTunes receipts came at the same time the day he did it. I noticed all the apps were the same developer.”
UPDATE #4: The issue is not US-only anymore. The Next Web reader Jamie Vickery (from the UK) reports:
“I’ve just noticed my iTunes account has been hacked in the past week. Someone has downloaded 8 apps and two songs totalling £61.70. The most expensive being an app called All Match by CharismaIST for £54.99! The other apps seem to be based on photographer like Camera One, Night Shot, Camera Flash Ultra. Surely Apple won’t pay out to these developers. I have changed my password and put in an email complaint to iTunes so we’ll see how it goes.”
UPDATE #5: This is what your iTunes account should look like after the payment method reset:
UPDATE #6: As you can see, Apple has removed the apps from the developer. I think we’ll be hearing about refunds soon, too.
#1
That's what Rody said 2 months ago:
The real question is: How did these apps manage to even make it through to the store. Apple’s app store review process never ceases to surprise, or disappoint…
[Reply]
Rody Reply:
July 4th, 2010
@Rody, OK this seems like a pretty widespread problem… I wonder if this is a glitch in the iTunes servers, or if all these people are victims of a phishing scam of some sort…
[Reply]
#16
That's what Julia Altermann said 2 months ago:
Thanks for your coverage of the issue, I have changes my passwords and payment methods according to your recommendation. Please keep us updated.
[Reply]
#23
That's what Mac Hoe said 2 months ago:
This is really bad.. The hacker might have earned millions of dollars already..
I just hope that the hacker can not change iTunes Account passwords, it could really be nasty if that happens..
[Reply]
#24
That's what Alejandro said 2 months ago:
Hello. Im my case the suspicious charges are duplicate quantities: of the receipt I paid last, some months ago, and then of the receipt I am paying this month.
I had recovered my password via iforget.apple.com, so either the DNS was poissoned or the fact of restoring the password put me into some manual operation inside apple.com databases, and some operator did it wrong.
[Reply]
#27
That's what Aquaman_Tom said 2 months ago:
Didn’t get me, but I don’t have any type of bank card on my account or a dev account. He/She must have only went after people with bank/dev account info. Apple really needs to get better security that it has… Words from the bad guy from Iron Man 2. "software is shit"
[Reply]
#35
That's what tangel476 said 2 months ago:
All you Apple users deserve to get hacked. Bad mouthing Microsoft and buying overpriced electronics.
[Reply]
#42
That's what Michelle said 2 months ago:
I removed my payment information, I don’t take chances with my money.
[Reply]
#57
That's what Cristan said 1 month ago:
Yes, this happened to me. I got several itunes receipts like this:
Item Number Description Unit Price
1 Words With Friends, v3.09, Seller: newtoy, inc. (4+)
$2.99
2 izyOto, v1.0, Seller: Duc Ngoc Tran (4+)
$0.99
3 Chiến lược kinh doanh hiệu quả, v1.0, Seller: Viet Point Technology Joint Stock Company (4+)
$2.99
4 Kỹ năng thương lượng, v1.0, Seller: Viet Point Technology Joint Stock Company (4+)
$2.99
5 Tam Quốc Diễn Nghĩa, v1.0, Seller: Tran Hoai Phuong (4+)
$2.99
6 KamaSutra Tiếng Việt – by Sách Việt, v1.0, Seller: Renacentia Corporation (17+)
$0.99
7 Hán Sở tranh hùng – vPoint, v1.0, Seller: Viet Point Technology Joint Stock Company (4+)
$2.99
8 Tài chính cho người quản l, v1.0, Seller: Viet Point Technology Joint Stock Company (4+)
$2.99
9 Pocket MBA – course book, v2.2, Seller: INTERSOG, LLC (4+)
$29.99
The charges totaled over 200 by the time the 4th receipt got to my inbox. I deleted my card from itunes and apple was NO HELP AT ALL. The only way to contact them was via email and all I got was a for email advising me to protect my password.
I had to report the charges as fraud to my bank, sign an affidavit and cancel my card – which screws up my week.
Thanks for the hackable site and NO HELP apple!
[Reply]
#58
That's what SanjAy said 1 month ago:
No comment
[Reply]