Earlier this weekend, reports emerged that a third-party developer had hacked into people’s App Store and iTunes accounts in order to boost sales of their e-books (a somewhat strange target considering how low e-book sales are through these channels).
The scheme was outed by several other developers who noticed particularly strange e-book selections rising in the ranks. The e-book developer in question, Thuat Nguyen, artificially elevated the books to take up 40 spaces on the top 50 list. All of the books affected appeared to be low-quality, and several of the reviews left for them were from people claiming their iTunes accounts had been infiltrated and that they’d been charged as much as $600 for books they never purchased.
Panic immediately started to spread that the scam was impacting a large number of accounts, with many media outlets and tweets warning iTunes users that no one was safe. But now, a day later, it’s become clear that only a small minority of iTunes accounts were actually hacked, probably no more than a few hundred around the world, according to MacRumors. Considering that there are more than 100 million active iTunes accounts, this was no big deal.
Thuat Nguyen’s book apps have now all been removed from the iTunes store.
Still, the modest success of this particular developer does raise issues about iTunes and App Store security. As the architecture currently stands, accounts are vulnerable to a variety of potential attacks. Small, isolated incidents are reported fairly regularly, but no major scheme has successfully affected millions of accounts at once.
Possible fixes for this situation are a common discussion topic on Apple and internet music forums, but so far, the best recommendation from Apple itself is for users to create complex and varied passwords, making their accounts more difficult to infiltrate. TheNextWeb questions why the company doesn’t have mechanisms in place to detect rapid shifts in rankings that could expose hacking attempts earlier and faster.
This e-book attack, however, should probably raise bigger concerns for other developers. When only one developer dominates the rankings in any one category, all of the others and their products don’t get the exposure they otherwise would, which could amount to a significant loss in income.