A couple of months ago we reported that the App Store had been hacked, resulting in a massive fraud whereby hackers would get into people’s iTunes accounts and buy their own apps. At the time, Apple issued a weak statement, the App Store got hacked again, and we never heard anything about this matter until today.

A TechCrunch article reveals what seems to be a major security flaw in iTunes accounts linked to Paypal.

At least one group of scammers has found a way to charge thousands of dollars to iTunes accounts through PayPal. One targeted customer told us, “My account was charged over $4700. I called security at PayPal and was told a large number of iTunes store accounts were compromised.” His email was filled with nearly 50 receipts from PayPall for $99.99 each.

At this time, no one really knows how this is happening. Fishing? Brute forcing? One thing is sure though, if you are using Paypal as your iTunes/App Store payment method, you may want to “unlink” your account from there and change both your iTunes and Paypal passwords.