Back in July, we reported that several iTunes accounts were compromised by hackers who went on to make fraudulent purchases on the user’s behalf. Although Apple clamped down on the hackers, and promised security improvements after widespread criticism from bloggers, hackers seem to have one-upped them once again.
TechCrunch is reporting that another large-scale iTunes scam is underway, and several iTunes account holders have already lost thousands of dollars. The problem seems to be due to a security hole in iTunes accounts linked to PayPal. One affected user, Joey Bruce tweeted, “Someone hacked my iTunes/PayPal acct and drained everything from my bank account. Life is kicking me in the balls while I’m down”.
Given iTunes’ abysmal security track record, we strongly recommend against permanently storing any financial information (i.e. linking with your credit card or PayPal). PayPal is aware of the issue; however, none of the involved parties have issued a statement.
In related news, 12 people have been charged with fraud and money laundering offences related to iTunes. Apparently, this gang uploaded tracks to Amazon and iTunes and used stolen credit cards to purchase them.