Web scam hits iTunes and Paypal


Inactive User
May 19, 2010
Reaction score
que sera sera
iTunes accounts linked to PayPal have been hacked with a number of users complaining that they have been cleaned out.

Apple and PayPal refused to discuss the details of the incident.

Experts have told the BBC there is no security hole in iTunes or Apple servers and that it is most likely users have fallen for an online scam.

"I just got hacked for $1,000 worth of software, videos and music," tweeted one victim.

Another told the technology blog TechCrunch: "My account was charged over $4,700. I called security at PayPal and was told a large number of iTunes stores accounts were compromised."

Another turned to Facebook to post details.

"My iTunes account just got hacked and someone made about $700 worth of purchases. I contacted Paypal and they said Apple has gotten so many attacks since June, they can barely keep up with reporting them all."

Apple would not comment but said that they had recently implemented new security measures.

In a statement to BBC News, Apple said: "iTunes is always working to prevent fraud and enhance password security of all of our users.

"But if your credit card of iTunes password is stolen and used on iTunes we recommend that you contact your financial institution and inquire about cancelling the card and/or issuing a chargeback for any unauthorised transactions.

"We also recommend that you change your iTunes account password immediately."

PayPal nor Apple would talk about the scale of the problem or how many people or accounts had been hacked.

PayPal said that any unauthorised charges will be reimbursed.
tweet about itunes hack Victims of the hack turned to social media to find answers and vent

However, those in the security industry said they were not surprised by the hacking incident.

"We have been hearing about attacks on iTunes for a while and it seems it is possible to game iTunes and make money," said Dan Kaminsky, chief scientist at security firm Recursion.

"I am sure Apple are getting a rapid education in what it means to be a mechanism that fraudsters can use to steal funds, but I don't expect this to be a long term problem or a product threatening one.

"Apple is going to have to adjust and make investments in fraud prevention technologies but this is not a big deal."

Security experts said that most of the victims had likely fallen prey to a phishing scam.

Phishing involves using fake websites to lure people into revealing details such as bank accounts or login names.

Analyst Mike McGuire of Gartner said that Apple needs to ensure it stays on top of the situation.

"If they don't aggressively sort this out, it can undo a lot of brand building and trust as they become this transaction hub for 150 million people's credit cards at last count."

BBC News - Web scam hits iTunes and Paypal