The weekend’s suspected iTunes fraud has culminated in an official statement from Apple themselves, together with confirmation that the developer believed to be responsible for the scam has been ejected from the App Store. According to Apple’s statement, users who believe their credit cards have been incorrectly charged should take the matter up with their bank; they insist that no developer ever sees “confidential customer data” by which we’re presuming they mean card details or iTunes passwords.
The scam was spotted when several iTunes users noticed their credit cards had been billed with numerous app downloads, generally consisting of various low-cost titles and then one or two expensive purchases. Meanwhile in-app purchases were also used. At the time, it was theorised that developer Thuat Nguyen was using compromised iTunes accounts to drive his apps up in the download charts; however some users also reported other titles being bought.
Apple say Thuat Nguyen has been ejected from the iOS developer program and his apps removed from the store, and that people who believe they may have been affected should change their iTunes passwords.
The developer Thuat Nguyen and his apps were removed from the App Store for violating the developer Program License Agreement, including fraudulent purchase patterns.
Developers do not receive any iTunes confidential customer data when an app is downloaded.
If your credit card or iTunes password is stolen and used on iTunes we recommend that you contact your financial institution and inquire about canceling the card and issuing a chargeback for any unauthorized transactions. We also recommend that you change your iTunes account password immediately. For more information on best practices for password security visit http://www.apple.com/support/itunes.