Concerns that Apple’s App Store had been hacked and users were being charged for ebooks without their permission hit the Web Sunday after what appears to be a situation where specific user accounts have been compromised. The initial report led to reports that Apple’s online security systems for the iPhone, iPod touch and iPad App Store had been breached.
The Next Web reported the App Store and individual accounts had been hacked by a developer who was charging users for Vietnamese ebooks, citing comments on Twitter and online forums at a few Mac-related Web sites. Based on information available so far, however, it appears that someone managed to discover passwords for a limited number of user accounts.
It’s unclear how the person behind the incident gained the passwords, but the most likely methods include phishing scams and guessing weak user passwords. There isn’t any evidence yet to suggest that the App Store security was actually compromised or that anyone managed to get into Apple’s App Store and iTunes user account information.
Apple removed the ebooks linked to the incident Sunday afternoon.
The fact that this looks to be a situation where user iTunes user account information was compromised outside of the App Store doesn’t diminish the headaches the victims are experiencing, but it does highlight the importance of using account passwords that are difficult to guess, and to avoid using the same password for all of your online accounts.
Apple has not issued a statement regarding the incident.