Friday, July 16, 2010

Avoiding Online Security Risks That Lead to Accounts Being Hacked

I don't know if you've heard about the people who had their cards charged against their will through Apple's iTunes Store, but it's been all over the news, at least in the tech world.

A lot of people have been blaming Apple and saying the iTunes App Store was hacked, but it looks like a problem with passwords.

In this article I'll help you understand what happened, and give you a few tips to avoid similar problems.

First off, if you're not familiar with it, the App Store is part of Apple's iTunes Store, and is an online market where you can get free or paid "Apps" for mobile devices such as the iPod Touch, iPhone, and the iPad.

Apps are basically programs (also called applications) just like you would find on your computer, but designed to run on a mobile device like a smartphone.

Apple's App Store lets you browse through thousands of these apps which let you do a wide variety of things from keeping up with news, to reading a book, to working with photos, to playing games, and a lot more.

Again, the same basic idea as an application or program for a computer, just the "pocket sized" edition, so to speak.

The App Store can be found within the iTunes program on your computer, or by using the App Store icon on an iPhone, iPod Touch, or iPad. Other companies also provide app stores for their devices.

So what happened with these unauthorized charges everyone is talking about?

Well, basically what happened is, people noticed that 40 out of 50 of the top-ranked apps (ranked in terms of copies sold) in the books category were all from the same person!

It seemed a little suspicious that one person could have managed to pull this off without being up to something. The next piece of the puzzle turned up when people started reporting unwanted charges on their accounts for hundreds or even in some cases over a thousand dollars, all orders for Apple Apps.

It seems that criminals had somehow gained access to at least a few hundred accounts people had on iTunes, and those accounts had been used to place orders for dozens of apps, racking up big bills for each person who had been victimized.

Some people thought the Apple App Store itself had been hacked, but most likely each account had been broken into individually, probably by one of two means.

The first is known as a "brute force password crack", and it's where a program is used to try one password after another, starting with common ones, until the right one is guessed.

This may sound like a time-consuming process that no one would ever bother with, but remember it's a program that does it automatically, and it starts with the easy-to-guess common passwords that so many people make the mistake of using.

The other possibility is that the passwords were stolen via a "phishing scam", which is where people are tricked into entering their passwords into a website designed to look legit, but which is not.

Who is to blame?

At this point, the people behind it are unknown, but seem to be based in Asia. It is most likely an organized criminal group rather than just one person acting alone.

Here's what to do if you have an iTunes Store account

If you're concerned your account may have been compromised, you can find out by opening iTunes on your computer, then clicking the iTunes Store on the left side.

Then click your email address where it appears in the upper right of the window and you'll be asked for your password. It's OK to enter it there.

Once you log in, you'll see a list of account-related items, including a "Purchase History" button you can click to look over any orders. You should be able to spot if there are items listed which you never ordered.

On the accounts screen you can also click the button "Edit Account Info" to change your password as a precaution.

If you find fraudulent charges, you can call Apple at: 1-800-275-2273 (to talk to a real person, press 0 at each prompt)

Here are a few tips for being safe with passwords:

1) Avoid using a simple word as your password, especially easy-to-guess things such as your name, your child's or pet's name, your phone number, the word 'password', etc. Basically avoid anything you'd find in the dictionary to start with.

2) Don't use the same password for everything - passwords are like keys, and I don't think you'd hire a locksmith who used the same lock & key for every door and every customer. Don't make the same mistake with your passwords!

3) Longer and more complicated passwords are safer: as I mentioned above, brute force cracking methods will basically run through the dictionary when trying to break in -- the longer the password is, and the more you mix in numbers with letters, UPPER and lower case letters (liKe THis), and even punctuation, the better.

4) Be careful about where you enter in your username and password information, and especially be wary of emails that come out of the blue asking you to "reset your account", "update your information", etc. And make sure that you look at the address bar on the top of your web browser window and read the address to make sure you're on an official site when you sign in.
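
Tips 1 and 3 and the common-words-first guessing described earlier, written out as a checker. This is an added example, not the author's code: the short word list is a constructed sample, and the 12-character minimum and the names check_password and guesses_needed are assumptions made here, not figures from the article.

```python
import re
import string

# Constructed sample standing in for the common passwords a guessing program
# tries first; a real check would load a much larger word list.
COMMON_WORDS = ["password", "123456", "qwerty", "letmein",
                "monkey", "dragon", "iloveyou", "welcome"]

MIN_LENGTH = 12  # assumed threshold; the article only says longer is safer

# Undo the usual letter-for-symbol swaps so "P@ssw0rd" is still seen as "password".
SWAPS = str.maketrans("013457@$!", "oieastasi")


def check_password(password, personal_info=()):
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    lowered = password.lower()
    # Drop digits and punctuation tacked onto either end ("rex2010!" -> "rex").
    core = lowered.strip(string.digits + string.punctuation)
    variants = {lowered, core, lowered.translate(SWAPS), core.translate(SWAPS)}
    banned = set(COMMON_WORDS) | {p.lower() for p in personal_info if p}

    # Tip 1: no dictionary words, names, phone numbers, or 'password'.
    if variants & banned:
        problems.append("dictionary_or_personal")

    # Tip 3: longer, with a mix of lower case, UPPER case, digits, punctuation.
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    patterns = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")
    if sum(bool(re.search(p, password)) for p in patterns) < 3:
        problems.append("few_character_classes")
    return problems


def guesses_needed(password):
    """Guess number at which a common-words-first program hits this password,
    or None if it is not on the list at all."""
    lowered = password.lower()
    return COMMON_WORDS.index(lowered) + 1 if lowered in COMMON_WORDS else None


if __name__ == "__main__":
    # Constructed sample inputs: a pet's name plus a year, and a long mixed phrase.
    print(check_password("Rex2010!", personal_info=("Rex", "555-0100")))
    print(check_password("liKe THis river-42 Boat"))
    print(guesses_needed("letmein"))
```

A password that only dresses up a listed word, such as a pet's name with a year on the end, is flagged just like the bare word, because a guessing program tries those variations too.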

Hopefully if you follow these computer tips you'll stay safer online and feel a little more comfortable shopping on the web, which overall is very safe to do.

Worth Godwin is a computer coach with over 15 years' experience helping computer users of all levels, and has also worked for many years "in the trenches" as a hardware and software tech, solving real-world computer problems.

Worth has also been studying the human mind, and how people learn, since the early 1990s. He draws upon all of this experience, as well as his English and writing degrees, to teach people in a unique way with computer training that really makes sense.

In 2006, Worth began putting his easy lessons together on computer training CDs, carefully designed to make it easy to learn computer basics at your own pace, for an affordable price, with a system that really works.