iTunes users who have their account linked to PayPal have been hit by a security scam, with multiple users complaining of losing money.
Apple and PayPal have both refused to discuss details of the issue, but experts have told BBC reporters that the victims have probably fallen for an email scam, rather than an unknown vulnerability in the programmes’ servers.
One victim told the blog TechCrunch, “My account was charged over $4,700. I called security at PayPal and was told a large number of iTunes stores accounts were compromised.”
Another posted their experience on Facebook: “My iTunes account just got hacked and someone made about $700 worth of purchases. I contacted Paypal and they said Apple has gotten so many attacks since June, they can barely keep up with reporting them all.”
Apple released a statement to BBC News, reading: “iTunes is always working to prevent fraud and enhance the password security of all of our users.
“But if your credit card or iTunes password is stolen and used on iTunes we recommend that you contact your financial institution and inquire about cancelling the card and/or issuing a chargeback for any unauthorised transactions.
“We also recommend that you change your iTunes account password immediately.”
PayPal has said that it will reimburse any unauthorised charges.
Security firms are unsurprised by the news. “We have been hearing about attacks on iTunes for a while and it seems it is possible to game iTunes and make money,” said Dan Kaminsky, chief scientist at security firm Recursion. “I am sure Apple are getting a rapid education in what it means to be a mechanism that fraudsters can use to steal funds, but I don’t expect this to be a long-term problem or a product-threatening one.”
