Massive iTunes hacking/stolen money underway at this time - Page 2

scottjl · 07-04-2010, 05:42 PM

think your class should be updated.. best to go for 12 characters, include more than one number and special character, and a mix of case.

often useful is a phrase, instead of spaces use numbers and special characters

jacK+jilL1234

or

1cAts@dOgs1

a little tricker to type out, but also harder to hack.

HarryT · 07-04-2010, 05:45 PM

Quote:

Originally Posted by scottjl

think your class should be updated.. best to go for 12 characters, include more than one number and special character, and a mix of case.

often useful is a phrase, instead of spaces use numbers and special characters

jacK+jilL1234

or

1cAts@dOgs1

a little tricker to type out, but also harder to hack.

Trouble is, though, that when your password rules become so complex that you have to write them down in order to remember them, the additional "security" becomes self-defeating.

Sischa · 07-05-2010, 03:43 AM

Quote:

Originally Posted by HarryT

Trouble is, though, that when your password rules become so complex that you have to write them down in order to remember them, the additional "security" becomes self-defeating.

Or you have a "passphrase" like: i look 4 my castles the whole day ! To see if the 2 of them still can fly = il4mctwd!Tsit2otscf

murraypaul · 07-05-2010, 05:11 AM

Quote:

Originally Posted by HarryT

Possibly a dictionary-based attack program is finding accounts with weak passwords? Sounds as if it may be something like that. A "golden rule" is never to use a password that's in the dictionary. I see now what's happening, though - the account is being hacked and then purchases made against "junk" books that the criminal has uploaded to the iBookstore. If that is the case, this will probably only affect people with accounts on the US iBookstore since that's currently the only one that permits individuals to upload books for sale.

To clarify, from the screenshots posted so far, the money is not going to buy books in the iBookstore, but book apps in the app store.

nick101 · 07-05-2010, 06:10 AM

"Massive" definitely appears to be an over-statement.

Having spent a bit of time following this up, and some of the history, I find the following:

1. A significant number of accounts have been hacked, but the number is in the dozens or hundreds. This is based not on the number of posts reporting 'my account's been hacked' but on the volume of 'sales' of the offending products. They are in parts of the store where best sellers sell in dozens, not thousands.

This is obviously a serious problem, especially for the victims, but "massive" isn't the adjective for this volume of a multi-million-user store. Compare with the recent AT&T iPad hack which affected over 100,000 people.

2. There is a persistent history of people having their iTunes accounts hacked, i.e. this has not just come out of the blue. Whether that means there's a specific set of vulnerabilities in the iTunes store, I don't know.

3. It's easy to check if you're a victim. Sign in to the iTunes store and check your recent purchases.

4. If you're concerned, change your password following Harry's advice.

HarryT · 07-05-2010, 06:26 AM

It's also worth noting that the money is in Apple's bank account - the hackers don't have it, and are vanishingly unlikely to ever get it. I'm sure that when the fraudulent transactions have been clarified, the money will be refunded.

nick101 · 07-05-2010, 06:28 AM

Quote:

Originally Posted by HarryT

It's also worth noting that the money is in Apple's bank account - the hackers don't have it, and are vanishingly unlikely to ever get it. I'm sure that when the fraudulent transactions have been clarified, the money will be refunded.

Good point.

Fotoman · 07-05-2010, 12:18 PM

Apparently Youtube and Wikipedia were also attacked:
Wikipedia down/

HarryT · 07-05-2010, 04:22 PM

Quote:

Originally Posted by Fotoman

Apparently Youtube and Wikipedia were also attacked:
Wikipedia down/

The report you've linked to there says that the Wikipedia outage was due to a power failure in their Florida data centre. Not sure what that has to do with attacks.

Fotoman · 07-05-2010, 04:39 PM

Quote:

Originally Posted by HarryT

The report you've linked to there says that the Wikipedia outage was due to a power failure in their Florida data centre. Not sure what that has to do with attacks.

Yes, just saw the update. What it has to do with this was in the body of the post...before the update: all 3 problems were thought to be related when they were reported.

HarryT · 07-05-2010, 05:24 PM

Just goes to show that one shouldn't assume that temporally related events are also causally related.

David Munch · 07-05-2010, 06:01 PM

Reports of 'App Store Hacked' Greatly Exaggerated

Fotoman · 07-05-2010, 09:18 PM

Quote:

Originally Posted by HarryT

Just goes to show that one shouldn't assume that temporally related events are also causally related.

That's where the word "apparently' comes in. It's synonymous with "ostensibly," "seemingly," "alledgedly." And the article itself used the phrase "... it would seem..."

So it appears the assumption is all yours.

nick101 · 07-06-2010, 05:51 AM

Quote:

Originally Posted by Fotoman

That's where the word "apparently' comes in. It's synonymous with "ostensibly," "seemingly," "alledgedly." And the article itself used the phrase "... it would seem..."

So it appears the assumption is all yours.

Unfortunately, all those adverbs are commonly used in the media as euphemisms for 'we have no real idea if this is actually true and we can't be bothered to check, so we'll just run with it anyway'.

So I think Harry's reaction is understandable

HarryT · 07-07-2010, 08:54 AM

More information is emerging about the recent iTunes App Store issues. This article by The Register suggests that around 400 accounts were compromised, and that logon credentials were obtained by a phishing attack; the iTunes Store itself was not hacked.

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Massive hacking of iTunes accounts happening right now!	vaughnmr	News	64	07-08-2010 08:50 PM
1st time owner - Advice on personalizing, improving, hacking?	Jonahcz	Sony Reader	7	05-14-2008 10:50 PM

07-04-2010, 05:42 PM	#16
scottjl Reader of Books Posts: 1,632 Karma: 2697 Join Date: Oct 2009 Device: none	think your class should be updated.. best to go for 12 characters, include more than one number and special character, and a mix of case. often useful is a phrase, instead of spaces use numbers and special characters jacK+jilL1234 or 1cAts@dOgs1 a little tricker to type out, but also harder to hack.

07-05-2010, 06:10 AM	#20
nick101 Groupie Posts: 190 Karma: 1248 Join Date: Nov 2009 Location: Milton Keynes UK Device: Sony PRS-600 Touch, iPhone	"Massive" definitely appears to be an over-statement. Having spent a bit of time following this up, and some of the history, I find the following: 1. A significant number of accounts have been hacked, but the number is in the dozens or hundreds. This is based not on the number of posts reporting 'my account's been hacked' but on the volume of 'sales' of the offending products. They are in parts of the store where best sellers sell in dozens, not thousands. This is obviously a serious problem, especially for the victims, but "massive" isn't the adjective for this volume of a multi-million-user store. Compare with the recent AT&T iPad hack which affected over 100,000 people. 2. There is a persistent history of people having their iTunes accounts hacked, i.e. this has not just come out of the blue. Whether that means there's a specific set of vulnerabilities in the iTunes store, I don't know. 3. It's easy to check if you're a victim. Sign in to the iTunes store and check your recent purchases. 4. If you're concerned, change your password following Harry's advice.

07-05-2010, 06:26 AM	#21
HarryT eBook Enthusiast Posts: 85,544 Karma: 93383043 Join Date: Nov 2006 Location: UK Device: Kindle Oasis 2, iPad Pro 10.5", iPhone 6	It's also worth noting that the money is in Apple's bank account - the hackers don't have it, and are vanishingly unlikely to ever get it. I'm sure that when the fraudulent transactions have been clarified, the money will be refunded.

07-05-2010, 12:18 PM	#23
Fotoman Groupie Posts: 157 Karma: 2160 Join Date: Feb 2009 Location: Vancouver, BC Device: iPad 64GB wifi (Sony 505 RIP)	Apparently Youtube and Wikipedia were also attacked: Wikipedia down/

07-05-2010, 05:24 PM	#26
HarryT eBook Enthusiast Posts: 85,544 Karma: 93383043 Join Date: Nov 2006 Location: UK Device: Kindle Oasis 2, iPad Pro 10.5", iPhone 6	Just goes to show that one shouldn't assume that temporally related events are also causally related.

07-05-2010, 06:01 PM	#27
David Munch Scholar Posts: 1,008 Karma: 3999312 Join Date: Aug 2008 Location: Denmark Device: Kobo Libra H2O + iPad Air 4	Reports of 'App Store Hacked' Greatly Exaggerated

07-07-2010, 08:54 AM	#30
HarryT eBook Enthusiast Posts: 85,544 Karma: 93383043 Join Date: Nov 2006 Location: UK Device: Kindle Oasis 2, iPad Pro 10.5", iPhone 6	More information is emerging about the recent iTunes App Store issues. This article by The Register suggests that around 400 accounts were compromised, and that logon credentials were obtained by a phishing attack; the iTunes Store itself was not hacked.

Advert

Advert