Reports are appearing this morning about a major security hole in iTunes accounts linked to PayPal. At least one group of scammers has found a way to charge thousands of dollars to iTunes accounts through PayPal. One targeted customer told us, “My account was charged over $4700. I called security at PayPal and was told a large number of iTunes store accounts were compromised.” His email was filled with nearly 50 receipts from PayPall for $99.99 each. (Update: they were for “CastleCraft, Dragon Crystals (10000 Pack), Seller: Freeverse, Inc”). He was able to catch it before his bank disbursed funds to PayPal.
But others were not so lucky. A quick search of Twitter and Facebook shows that the problem is not isolated.
Update: Now All Things D notes that the unauthorized charges stem from an old fashioned phishing attack.
There’s no security hole in iTunes and if you’ve been unfortunate enough to have hundreds of dollars in unauthorized purchases charged to your iTunes acount it’s likely because you’ve fallen victim to a phishing scam – a variation on the one that’s been around for years now. Sources close to Apple tell me iTunes has not been compromised and the company isn’t aware of any sudden increase in fraudulent transactions.
More on the story over here at TC.