Apple responded Monday to concerns that iTunes Store accounts had been hacked over the holiday weekend by saying that developer Thuat Nguyen and his ebooks have been kicked out of the App Store. The company also confirmed that developers don’t have access to user account data.
Apple said in a statement to Engadget:
The developer Thuat Nguyen and his apps were removed from the App Store for violating the developer Program License Agreement, including fraudulent purchase patterns.
Developers do not receive any iTunes confidential customer data when an app is downloaded.
If your credit card or iTunes password is stolen and used on iTunes we recommend that you contact your financial institution and inquire about canceling the card and issuing a chargeback for any unauthorized transactions. We also recommend that you change your iTunes account password immediately. For more information on best practices for password security visit http://www.apple.com/support/itunes.
Apple seems to be implying that iTunes Store user account information was somehow obtained by Mr. Nguyen, although the company isn’t stating how it thinks that happened. The most likely methods look to be either a phishing scam, or weak account passwords that were easy to guess.
Concerns that Apple’s App Store had been hacked and users were being charged for ebooks without their permission hit the Web Sunday after some iTunes Store accounts were used to buy Mr. Nguyen’s ebooks without user permission. The initial report led to reports that Apple’s online security systems for the App Store had been breached.
So far there isn’t any evidence yet to suggest that the App Store security was actually compromised or that anyone managed to get into Apple’s App Store and iTunes user account information.