“Apple told me that an extremely small percentage of users, about 400 of the 150 million iTunes users — that is less than 0.0003 percent of iTunes users, were impacted,” he said.
Concerns that Apple’s App Store had been hacked surfaced over the weekend when some users reported they were being charged for ebooks without their permission. The initial concerns led to reports that Apple’s online security systems for the iPhone, iPod touch and iPad App Store had been breached.
Apple responded to the incident by saying developer Thuat Nguyen and his ebooks were dropped from the App Store for fraud-like activity. The company also confirmed that developers don’t have access to user account data.
The Mac and iPhone maker has implemented new security measures to help prevent similar incidents in the future, including requiring users to enter their credit card CCV code more often.
Apple’s statements and follow-up actions back up the notion that the victims in the incident lost their iTunes account passwords through some sort of phishing scam, or because they used weak passwords that were easy to guess.
The fact that this looks to be a situation where iTunes user account information was compromised outside of the App Store doesn’t diminish the headaches the victims are experiencing, but it does highlight the importance of using account passwords that are difficult to guess, and of not using the same password for all of your online accounts.