App marketplace vendors mum on account hacks

Mobile app store owners silent about measures put in place to prevent hacked accounts from being exploited, though Microsoft says it focuses on educating users about online safety.
Written by Liau Yun Qing, Contributor

Mobile app store vendors were coy about incidents related to account hacks when asked if they had preventive measures to safeguard hacked accounts from being exploited.

Following recent reports of hacked Apple iTunes accounts being sold on Chinese online auction site Taobao, ZDNet Asia queried app marketplace operators about security measures they implemented to protect accounts from being hacked and used illegally.

Chris Chin, Microsoft's Asia Pacific director of developer marketing for mobile communication, said users who discover that their Windows Live ID has been compromised should recover their account by resetting their password. Windows Phone 7 users buy apps from the Microsoft Windows Phone Marketplace which is linked to their Windows Live accounts.

Chin added: "If you believe unauthorized Marketplace purchases were made with your account, contact our support team." However, he did not reveal if there have been reports of hacked Windows Live accounts being used to buy apps illegally or the types of safeguards Microsoft has implemented to prevent such incidents from happening.

Chin, however, did say that the company is "focused on helping to educate people about what they can do to increase their online safety and reduce the risk of fraud".

Noting that a common cause of compromised online accounts is threats from malware and phishing, he added that users should use a secure Web browser when surfing online.

Google declined to comment for the story

When contacted, Apple did not respond specifically to ZDNet Asia's queries on what preventive measures it had implemented to protect its users. Instead, a company spokesperson pointed to a news report that revealed Taobao had since taken down auctions of hacked iTunes accounts and added that the Chinese company should instead be contacted for comments.

Taobao spokesperson, Justine Chao, told ZDNet Asia in an e-mail interview that the Chinese auction site removed the listing of hacked accounts after receiving complaints from Taobao users that the iTunes accounts sold were "not what they expected".

"We had not been advised by Apple to take any action thus far," she noted. "Our decision to remove the listings was done in the interest of protecting the consumers who shop on Taobao."

Previous reports noted that the site was reluctant to take down the listings unless it receives "a valid takedown request".

Hacked user shares experience
A ZDNet Asia reader, Kassandra, recalled the harrowing experience she encountered when her iTunes account had been hacked and used to purchase apps, and the long process it took to dispute the charges.

In an e-mail interview, she explained that she discovered on May 11, 2010, that her iTunes account was used to purchase apps that she did not download. The New York-based sales coordinator said the apps purchased were in Mandarin and were transacted in China.

She said she has always been careful about managing her financial information and frequently changes all her passwords. A credit card number she used was stolen once but Kassandra said she had taken care then to change all her credit cards.

When she realized the app purchases had been made illegally via her iTunes account, she tried to contact Apple but could not find a dedicated iTunes customer service number to call.

"Getting to talk to an actual human being [at Apple iTunes] was a process," she recalled. "I e-mailed their customer service but I needed action to be taken immediately, so I called the main Apple customer service and just kept talking to whoever I could and asking to be transferred [to the relevant person]."

"They repeatedly told me to e-mail iTunes but I wouldn't take that for an answer," Kassandra said. Her perseverance was rewarded when she was transferred to a department handling Apple accounts and the customer service representative was helpful, she noted.

The representative then said the company would do whatever it could to resolve the issue but added that it was not possible for an iTunes account to be hacked. "I found out that wasn't true when I searched online and found that many people have experienced their accounts getting hacked into," Kassandra said.

She noted the Apple representative told her the bank would handle the money issue. However, she added that her bank had to contact Apple to dispute the charges, which racked up to over US$400. She added that she made frequent calls to the bank to make sure the dispute would be managed smoothly.

Kassandra said: "At one point, the bank was not going to take the charges off because it said the purchases 'were similar to my purchase history with Apple'."

While the dispute was eventually resolved, the incident has made her nervous about making purchases online. "I do not feel safe," said Kassandra.

Another mobile user, Nicole Nilar, shared that while she is not worried about online security when buying apps, she is more concerned about purchasing fake applications. A senior digital marketing executive who owns an Android phone, Nilar told ZDNet Asia in an instant message interview that she had heard about illegitimate applications masquerading as real applications in Google's Android Market.

"The developers rip off the screenshots of popular apps and sell them at a high price. It's only after buyers have made their purchase before they realize they paid US$6 to US$8 for only a wallpaper," she said.

While she noted that Apple might be too strict with its app ecosystem, she said Google should take a few leaves out Cupertino's book and implement measures to ensure apps on its marketplace are legitimate.

Editorial standards