A couple of months ago we reported that the App Store had been hacked, resulting in a massive fraud whereby hackers would get into people’s iTunes accounts and buy their own apps. At the time, Apple issued a weak statement, the App Store got hacked again, and we never heard anything about this matter until today.

A TechCrunch article reveals what seems to be a major security flaw in iTunes accounts linked to PayPal.

At least one group of scammers has found a way to charge thousands of dollars to iTunes accounts through PayPal. One targeted customer told us, “My account was charged over $4700. I called security at PayPal and was told a large number of iTunes store accounts were compromised.” His email was filled with nearly 50 receipts from PayPal for $99.99 each.

At this time, no one really knows how this is happening. Phishing? Brute forcing? One thing is sure, though: if you are using PayPal as your iTunes/App Store payment method, you may want to “unlink” your account from there and change both your iTunes and PayPal passwords.

  • ck

    I can testify to this. However, I was able to catch it quickly. 12$ charged. And stopped before another 32$ attempted in iTunes.
    PayPal was quick enough to reverse the charges. Surprisingly, Apple still holds my charges for 32$. They are awaiting my call to specifically drop these!
    There has been no response from the iTunes email support since the day they responded to my support request. However, an iPhone support person helped me a bit, and there is an open case. But I still need to call back to have these charges removed.

  • Iphone4

    That’s terrible!!~

  • ie2special

    Happened to me, 150 bucks and I KNOW I fell for no phishing scams. PayPal caught it before I did. Apple wasn’t so nice, or so quick, but it is fixed now.