The Real iTunes Fraud Vulnerability: Gullible Users
So these reports of a major security hole in iTunes, one through which people have had their PayPal accounts drained?
Not much to them, I’m told. Or, rather, not much to their assertion that Apple (AAPL) is at fault here. There’s no security hole in iTunes, and if you’ve been unfortunate enough to have hundreds of dollars in unauthorized purchases charged to your iTunes account, it’s likely because you’ve fallen victim to a bot attack or phishing scam–a variation on the one that’s been around for years now. Sources close to Apple tell me iTunes has not been compromised and the company isn’t aware of any sudden increase in fraudulent transactions.
As for an official comment, Apple offers this bit of common sense advice:
“ITunes is always working to prevent fraud and enhance password security for all of our users. But if your credit card or iTunes password is stolen and used on iTunes we recommend that you contact your financial institution and inquire about canceling the card and/or issuing a chargeback for any unauthorized transactions. We also recommend that you change your iTunes account password immediately.”
PayPal declined comment on the issue, but told me that any unauthorized charges sent through its service will be reimbursed.
[Image credit: Ars Technica]