Attacks/Breaches
7/6/2010
01:38 PM
Connect Directly
RSS
E-Mail
50%
50%

Apple App Store Suffers Hack Attack

Company insists user data has not been compromised, but is nonetheless advising customers to watch for suspicious transactions.

Apple said Tuesday that it removed a seller from its online applications store after discovering that he gamed the store's sales ranking system to make it appear as though his e-books accounted for 42 of the site's top 50 electronics books.

Apple said the hack was carried about by a developer named Thuat Nguyen.

"His apps were removed from the App Store for violating the developer Program License Agreement, including fraudulent purchase patterns," Apple said in a statement.

The company did not provide details about how Nguyen managed to rig its sales data. Some observers are speculating that he merely manipulated sales figures, while others believe Nguyen may have actually gained access to App Store user accounts to make unauthorized purchases.

Nguyen listed his Web site as "mycompany", an Internet address that reportedly leads to a domain name parking page.

Apple insisted App Store or iTunes users' information is not at risk as a result of the incident. "Developers do not receive any iTunes confidential customer data when an app is downloaded," the company said.

Still, Apple cautioned its customers to be vigilant for suspicious transactions.

"If your credit card or iTunes password is stolen and used on iTunes we recommend that you contact your financial institution and inquire about cancelling the card and issuing a chargeback for any unauthorized transactions," Apple said.

"We also recommend that you change your iTunes account password immediately," Apple added. Investors shrugged off news about the breach. Apple shares were up .69%, to $248.65, in midday trading Tuesday.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0761
Published: 2014-08-27
The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet.

CVE-2014-0762
Published: 2014-08-27
The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows physically proximate attackers to cause a denial of service (infinite loop or process crash) via crafted input over a serial line.

CVE-2014-2380
Published: 2014-08-27
Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows remote attackers to obtain sensitive information by reading a credential file.

CVE-2014-2381
Published: 2014-08-27
Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows local users to obtain sensitive information by reading a credential file.

CVE-2014-3344
Published: 2014-08-27
Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCuq31129, CSCuq3...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.