App Store Hacked – How to Stay Safe Online

 

I’ve been trying to get caught up so I could have a chance to write a new article for my blog, so with this recent story to illustrate a point, I thought I’d share this important advice to protect your privacy and security.

I don’t know if you’ve heard about the recent news about people who had their cards charged against their will by Apple’s iTunes Store, but it’s been all over the news, at least in the tech world.

A lot of people have been blaming Apple and saying the iTunes App Store was hacked, but it looks like a problem with passwords.

In this article I’ll help you understand what happened, and give you a few tips to avoid similar problems.

First off, if you’re not familiar with it, the App Store is part of Apple’s iTunes Store, and is an online market where you can get free or paid “Apps” for mobile devices such as the iPod Touch, iPhone, and the iPad.

Apps are basically programs (also called applications) just like you would find on your computer, but designed to run on a mobile device like a smartphone.

Apple’s App Store lets you browse through thousands of these apps which let you do a wide variety of things from keeping up with news, to reading a book, to working with photos, to playing games, and a lot more.

Again, the same basic idea as an application or program for a computer, just the “pocket sized” edition, so to speak.

The App Store can be found within the iTunes program on your computer, or by using the App Store icon on an iPhone, iPod Touch, or iPad. Other companies also provide app stores for their devices.

So what happened with these unauthorized charges everyone is talking about?

Well, basically what happened is, people noticed that 40 out of 50 of the top-ranked apps (ranked in terms of copies sold) in the books category were all from the same person!

It seemed a little suspicious that one person could have managed to pull this off without being up to something. The next piece of the puzzle turned up when people started reporting unwanted charges on their accounts for hundreds or even in some cases over a thousand dollars, all for orders of apps from Apple's store.

It seems that criminals had somehow gained access to at least a few hundred accounts people had on iTunes, and those accounts had been used to place orders for dozens of apps, racking up big bills for each person who had been victimized.

Some people thought the App Store itself had been hacked, but most likely each account had been broken into individually, probably by one of two means.

The first is known as a “brute force password crack”, and it’s where a program is used to try one password after another, starting with common ones, until the right one is guessed.

This may sound like a time-consuming process that no one would ever bother with, but remember it’s a program that does it automatically, and it starts with the easy to guess common passwords that so many people make the mistake of using.

The other possibility is that the passwords were stolen via a “phishing scam”, which is where people are tricked into entering their passwords into a website designed to look legit, but which is not.
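What separates a look-alike sign-in page from the real one is the site name in its address, and that check can be written out exactly. The following is an added example, not part of the original article; the function name and sample addresses are constructed for illustration, and requiring https is an assumption added here.

```python
from urllib.parse import urlsplit


def check_sign_in_address(url, official_domain):
    """Return (ok, reason): does this address really belong to official_domain?"""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, "address cannot be parsed"
    host = (parts.hostname or "").lower().rstrip(".")
    official = official_domain.lower()

    if parts.scheme != "https":  # assumption of this example, not from the article
        return False, "not an https address"
    if parts.username is not None:
        # In "https://apple.com@login.example/", the real site is what follows '@'.
        return False, "text before '@' is not the site name"
    if any(label.startswith("xn--") for label in host.split(".")):
        return False, "encoded look-alike characters in the name"
    # The site name is read from the right: the official domain must be the END
    # of the host, either the whole host or preceded by a dot.
    if host == official or host.endswith("." + official):
        return True, "official site"
    if official in host:
        return False, "official name appears, but not at the end of the host"
    return False, "different site"


# Constructed sample addresses (reserved .example names for the look-alikes).
SAMPLES = [
    "https://www.apple.com/",
    "https://apple.com.account-update.example/signin",
    "https://apple.com@login.example/",
    "https://app1e.example/reset",
]

if __name__ == "__main__":
    for address in SAMPLES:
        print(address, "->", check_sign_in_address(address, "apple.com"))
```
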

Who is to blame?

At this point, the people behind it are unknown, but seem to be based in Asia. It is most likely an organized criminal group instead of just one person acting alone.

Here’s what to do if you have an iTunes Store account:

If you’re concerned your account may have been compromised, you can find out by opening iTunes on your computer, then clicking the iTunes Store on the left side.

Then click your email address where it appears in the upper right of the window and you’ll be asked for your password. It’s OK to enter it there.

Once you log in, you’ll see a list of account-related items, including a “Purchase History” button you can click to look over any orders. You should be able to spot if there are items listed which you never ordered.

On the accounts screen you can also click the button “Edit Account Info” to change your password as a precaution.

If you find fraudulent charges, you can call Apple at: 1-800-275-2273 (to talk to a real person, press 0 at each prompt)

Here are a few tips for being safe with passwords:

1) Avoid using a simple word as your password, especially easy-to-guess things such as your name, your child’s or pet’s name, your phone number, the word ‘password’, etc.

Basically avoid anything you’d find in the dictionary to start with.

2) Don’t use the same password for everything – passwords are like keys, and I don’t think you’d hire a locksmith who used the same lock & key for every door and every customer. Don’t make the same mistake with your passwords!

3) Longer and more complicated passwords are safer: as I mentioned above, brute force cracking methods will basically run through the dictionary when trying to break in — the longer the password is, and the more you mix in numbers with letters, UPPER and lower case letters (liKe THis), and even punctuation, the better.

4) Be careful about where you enter in your username and password information, and especially be wary of emails that come out of the blue asking you to “reset your account”, “update your information”, etc. And make sure that you look at the address bar on the top of your web browser window and read the address to make sure you’re on an official site when you sign in.
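Tips 1 to 3 can be turned into a check you run on a password before you start using it, flagging the ones a guessing program would reach early. This is an added example, not part of the original article; the word lists are small constructed stand-ins, and the 12-character minimum and the `personal_info` / `used_elsewhere` inputs are assumptions made for illustration.

```python
import re

# Constructed stand-ins for a real common-password list and dictionary.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "iloveyou"}
DICTIONARY_WORDS = {"sunshine", "monkey", "dragon", "football", "welcome"}
MIN_LENGTH = 12  # assumption made for this example; the article gives no number


def _alnum(text):
    """Lower-case the text and keep only letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def check_password(password, personal_info=(), used_elsewhere=()):
    """Return the list of problems found; an empty list means none were found."""
    problems = []
    lowered = password.lower()
    # Drop digits/punctuation at either end so "Monkey1!" is still seen as "monkey".
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)

    # Tip 1: no common passwords, dictionary words, names or phone numbers.
    if lowered in COMMON_PASSWORDS or core in COMMON_PASSWORDS:
        problems.append("common password")
    if core in DICTIONARY_WORDS:
        problems.append("dictionary word")
    if any(len(_alnum(item)) >= 3 and _alnum(item) in _alnum(password)
           for item in personal_info):
        problems.append("contains personal detail")

    # Tip 2: a password already used for another account is a shared key.
    if password in used_elsewhere:
        problems.append("reused on another account")

    # Tip 3: longer, with a mix of lower case, UPPER case, digits, punctuation.
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    patterns = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    if sum(bool(re.search(p, password)) for p in patterns) < 3:
        problems.append("fewer than 3 character types")
    return problems
```
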

If you want to learn more, I talk more in depth about passwords and safety on a variety of my easy computer lesson CDs available on my website, including on the CD “5 Common & Costly Computer Mistakes and How to Avoid Making Them Yourself” which is part of the Windows Basics and the Apple Mac Basics bundles.

I also have CDs with audio and video lessons on how to recognize and avoid the phishing scams I mentioned earlier, which can help protect you against having your password or other important information stolen.

You can learn more and stay safer by taking a look at my easy, Plain English lesson CDs by visiting:

On that page you can either scroll down for written and video testimonials, or click the Apple Mac training or the Windows computer training links to see the list of lessons for your computer type.

Either way, I hope this lesson helps you stay safe and secure. If you have questions or comments about any of this, feel free to scroll down and use the comments box below.

Until next time, take care, and enjoy,

Worth Godwin
Plain English Simplicity For This Complex Modern World

 
