For the last year, intruders have been able to crash through the company’s faith-based security in order to spend other users’ money. Meanwhile, Jobs’ Mob couldn’t stop them.
The first reports of the incidents came in November 2010: one of the Apple support forum’s users claimed that someone had spent over $50 of his iTunes Store credit on iPhone apps, while his home address changed to some address in Towson, Maryland.
Later, the list of complaints grew as much as up to 700 posts, when a hacker or a number of them managed to spend iTunes gift card credit without permission. Apple had to refund some of its users, but not all of them – the company hasn’t given cash back to many, while acknowledging no wrongdoing or iTunes hacking.
The Apple religion claimed that Jobs’ Mob was the most secure software maker throughout the globe and only Windows-running devices could be hacked. Since Apple didn’t stop the hackers, they grew more sophisticated, with the users noticing that the purchases in question turned out to be applications from certain developers, including “gao jing,” known for application like Expert Guide for Black Ops or Game Guide for New Vegas.
The experts believed that the software purchased was all of Chinese origin, thus hinting that there was a way for rogue developers to get some cash off Apple. The latter appeared to have twigged that there might be something afoot and none of the applications were in the store.
Back in April, a number of users discovered that instead their money were making in-app purchases for a Sega game titled KingdomConquest, and it was clear to everyone that Sega was unlikely to make sales in such dodgy way. The intruders managed to “purchase” the free application on victims’ iTunes accounts, thus triggering the in-app purchases. Although Sega expressed a wish to investigate, it appeared that it was blocked by Apple, which refused to allow access to its users’ iTunes account data or any transaction histories.
Back this past June, the attacks started worsening, with Jobs’ Mob emails to users coming close to admitting that cash was taken from customer accounts without permission. Still, the company only refunded cash once, while customers hit during the second attack were told to go forth and multiply. Meanwhile, the hacks are getting more frequent.