Over the weekend something odd happened on iTunes. A rogue developer managed to grab 42 of the top 50 sales positions in the App Store's "book" category with what appeared to be junk content.
Here's Apple's word on the matter:
The developer Thuat Nguyen and his apps were removed from the App Store for violating the developer Program License Agreement, including fraudulent purchase patterns.
Developers do not receive any iTunes confidential customer data when an app is downloaded.
If your credit card or iTunes password is stolen and used on iTunes we recommend that you contact your financial institution and inquire about canceling the card and issuing a chargeback for any unauthorized transactions. We also recommend that you change your iTunes account password immediately. For more information on best practices for password security visit http://www.apple.com/support/itunes.
That statement raises more questions than it answers. First, "fraudulent purchase patterns" doesn't really tell us anything about the origins of the fraud or who was affected. Secondly, while Apple feels the need to confirm that developers don't get any confidential info on app purchasers, it doesn't make clear whether there are unauthorized ways for unscrupulous devs to get their hands on this info.
Finally, Apple is putting end users in charge of clearing up the mess by suggesting that they deal directly with their "financial institution" if they feel they've incurred any losses. Apple wants to stay on the periphery of any talk of fraud.