Headline Feeds
Security experts will tell you that cybercriminals like to hit online operations with large numbers of users. So it shouldn't be surprising that an unscrupulous individual has apparently been caught lurking in the heavily trafficked Apple (Nasdaq: AAPL) iTunes App Store.
Clues that something was amiss in the App Store surfaced over the weekend when apps by a particular developer -- with very few customer reviews or ratings -- captured 42 of the top 50 spots in the App Store's "Books" category. There were also reports of some App Store customers seeing hundreds of dollars in unauthorized charges to their accounts for the purchase of some of these apps.
Fraudulent Purchase Patterns
Apple had been quiet about the situation until Tuesday, when it told reporters that a developer named Thuat Nguyen and his apps were removed from the App Store for violating the developer Program License Agreement, including fraudulent purchase patterns.
Apple also said that approximately 400 iTunes user accounts had been impacted in the incident and that iTunes' main servers were not compromised at all.
Despite the relatively small number of customers whose accounts have been hacked, this could be a potentially damaging blow to a company that has long been lauded for protecting its users from security breaches. "This is the first time I have heard of a security issue involving the Apple App Store," Carolina Milanesi, research VP of mobile devices at Gartner (NYSE: IT), told MacNewsWorld. "Apple curates its store quite tightly; some have argued too tightly."
A Popular Place to Shop
That "too tightly" comment is a reference to frequent developer complaints that Apple maintains strict control over the apps offered in its store because it wants to keep competitors from selling apps there, not because it's particularly concerned about security.
Some analysts believe this incident says more about the popularity of Apple's products and the applications that support them than it does about the company's ability to secure its site. The App Store currently offers more than 225,000 applications that can be used on various Apple mobile devices such as iPhones, iPods, and the tablet-style iPad device. Users have opened more than 100 million accounts on the site, and many of those accounts are linked to credit cards.
"Given the sheer size and scope of the App Store, I'm not surprised there has been an attack like this," Michael Gartenberg, a partner with the Altimeter Group, told MacNewsWorld. "What is surprising is that it hasn't happened sooner."
Violating User Trust
The nature of the apps involved -- obscure titles, many of them in Vietnamese -- made it fairly easy to determine something was amiss when they rose to the top of bestseller list, which helped minimize the potential monetary damage to Apple and its customers. "Still, any time something like this happens it violates user trust," Gartenberg argued.
In its statement regarding the breach, Apple said developers do not get customer information when applications are purchased on the site. The statement also advised anyone who has noticed unauthorized use of their iTunes account or credit card to contact their financial institution about canceling the credit card and issuing a chargeback for any fraudulent transactions. Customers also were directed to a page on the Apple site offering best practices for password security.
Those best practices should be required reading for anyone making online purchases, Gartenberg advised. "Any site is only as good as its users' passwords," he said. "If they use passwords that are not difficult to figure out, they greatly increase the chances of their accounts being compromised."
Talkback: 
