Hundreds of Apple customers fall victim to hacker in app scam

If Apple didn't notice that 41 of its 50 top-rated e-books in the US were in Vietnamese and the work of the same, unknown publisher, then alarm bells should have sounded when customer reviews talked not of ripping yarns, but of online scams.

Nevertheless, Apple was struggling to explain last night how hundreds of its customers had apparently become victims of a scam in which a phantom developer, named Thuat Nguyen, hacked into their accounts and used them to artificially inflate the ratings and sales for his book applications, after technology news site The Next Web broke the story to the blogosphere.

Online forums and social networking sites were flooded with reports from Apple customers complaining about the scam after the alarm was raised by two rival publishers. Patrick Thompson and Alex Brie noticed a sudden upsurge in the popularity of the rogue developer's apps, before he vanished.

The pair claimed that Nguyen's products did not belong in the books store and, unusually for Top 50 products, had few user ratings or reviews. One product, called Conan 3, had reviews from customers complaining that their iTunes accounts had been hacked and the apps had been purchased by the hacker.

"It would appear that this publisher is hacking accounts and buying his own apps in order to drive up his rankings in the books category," Mr Thompson wrote. Mr Brie, a developer and blogger, said Conan 3 "does have other extremely positive reviews written in poor English. None of the other 41 books has any reviews; had the positive ones been legit, other apps should have some kind of reviews as well."

Mr Brie suspected these positive reviews were written by their developer, or his associates, in a botched bid to divert attention from his real motivations. Apple customers posted comments on technology and social networking sites: "If the iTunes account hacking part is true, then Apple really needs to step in and fix this," wrote one.

On one forum, MacRumors, a post read: "On Friday there was $1,400 [£930] missing from my checking account. I checked with my bank and it was all from unauthorised iTunes purchases. I notified Apple on Friday when there were still over 1,200 pending downloads. They did nothing except tell me they don't do refunds. They didn't even stop the illegal downloads. As we speak, someone is downloading songs from my account (there are 300 left) and I can't do anything about it."

Speculation abounds about how such a large security breach could have been carried out; it is estimated that hundreds of Apple customers have become victims. It is thought that some may have been hit by a "phishing" scam, in which an apparently legitimate email convinces the recipient to part with sensitive information.

This is the latest in a series of recent Apple security breaches. Last month, The Independent reported that 114,000 of the first iPad owners were victims of a security breach in which personal email addresses were leaked.

That attack provoked fears that iPad users who subscribed via AT&T's 3G network could be at risk from phishing scams. Armed with a valid email address and the knowledge that their target may be expecting emails from Apple or AT&T, criminals could send emails that plant malicious software on their victims' computers. Just weeks earlier, a member of Apple staff lost a prototype of an iPhone in a bar. The phone was taken to pieces, photographed and published online by a technology blog.

Nguyen's apps are believed to have been published in quick succession between 16 and 22 April. His company website, "mycompany", had 41 books in its apps portfolio, all of which appeared in the Top 50 paid books in the US market. It also published one game.

A spokesman for Apple did not respond to requests to comment on the matter yesterday.

Comments