Hackers Use iTunes Flaw to Rob PayPal Accounts

This week, we reported an iTunes vulnerability that exposes Windows users to over 40 different application attacks. Now, it seems that the same exploit is being used by hackers to infiltrate and drain PayPal accounts.

"My account was charged over $4700. I called security at PayPal and was told a large number of iTunes store accounts were compromised," complained one customer in a recent post to blog TechCrunch. The same victim said he'd received almost fifty receipts from PayPal totaling $99.99 each, but was able to prevent these transactions from being recorded by his bank.

Not everyone caught the hack in the nick of time. Other users frantically went to Twitter looking for others affected by the breach. "Someone hacked my iTunes/paypal acct and drained everything from my bank account," complained one PayPal and iTunes user. (Source: techcrunch.com)

iTunes Support Not Up to Snuff

Some users complain that Apple's iTunes administration has not been particularly helpful with these concerns. This echoes similar complaints made against iTunes last month.

Officially, Apple says it is working on a fix and plans to beef up security after what has been a trying summer for iTunes users.

"Among other new security measures iTunes now requires more frequent re-entry of a customer's credit card security code," a spokesperson said.

"But, if your credit card or iTunes password is stolen and used on iTunes, we recommend that you contact your financial institution and inquire about canceling the card and issuing a charge-back for any unauthorized transactions. We also recommend that you change your iTunes account password immediately." (Source: appleinsider.com)

PayPal Vows to Pay Back Victims

Thankfully, PayPal has acted more responsibly than Apple. "Paypal is very cooperative but there is just about no way to get a hold of iTunes [representatives]. I did call paypal and they assured me that they had contacted iTunes and it was going to be taken care of in my favor," said one user.

Still, everyone should pay close attention to their iTunes and PayPal accounts. "Everybody watch your iTunes account closely," one victim warned. "I just got hacked for almost $1000.00 worth of software, videos and music. Hopefully paypal will refund it all... This happened within the last few hours. [One] transaction after another."