We reported earlier this week on a rogue developer who had apparently gamed the App Store in order to get 40 of his apps listed on the store’s top sales rankings. Following numerous developer and user complaints, Apple yanked the offending apps from the store, and now Engadget says it’s received a response from Apple regarding these shenanigans.
Apple’s response stops short of admitting that the App Store had been hacked. However, the fact that it includes a warning about credit card theft and fraudulent iTunes account usage could imply that something happened. According to Engadget, the response reads as follows:
The developer Thuat Nguyen and his apps were removed from the App Store for violating the developer Program License Agreement, including fraudulent purchase patterns.
Developers do not receive any iTunes confidential customer data when an app is downloaded.
If your credit card or iTunes password is stolen and used on iTunes we recommend that you contact your financial institution and inquire about canceling the card and issuing a chargeback for any unauthorized transactions. We also recommend that you change your iTunes account password immediately. For more information on best practices for password security visit http://www.apple.com/support/itunes.
It is worth noting that, while compromised iTunes Store accounts are no laughing matter, this may not be a new phenomenon. MacRumors says it has had a slow-but-steady thread for years about stolen accounts, and it doesn’t take much of a spike in sales to rise up the ranks of the App Store’s Books category, which sees relatively little traffic (especially in light of Apple’s new, official iBookstore).
Although it’s nice to see Apple acknowledge the issue, it’s still unclear how Nguyen was able to game the system in such a way this past weekend. Is “fraudulent purchase patterns” a fancy way of saying the developer hacked user accounts to boost his sales, or did he manage to find an exploit in the App Store’s security and hack the Store itself? While we wait for further developments on this story, now might be a good time to double check your iTunes account for suspicious charges (this article shows you how to do just that).
Update: Apple has told Clayton Morris that approximately 400 iTunes accounts were hacked. Considering there are 150 million iTunes users, it is far from a widespread threat. Apple has also said that iTunes servers were not compromised in any way, and the company is working on new security measures to prevent this type of attack in the future.