then I don't see how this is apple's fault.

 

I assume you're not suggesting that Apple's official in-app purchase feature sends users' credentials to the app owner, rather than to Apple to enable the requested component. I assume you mean that the app was written to pretend to be an Apple sourced prompt for credentials. Basically, a normal phishing scam.

(For what it's worth, by they way, Google has already exercised their remote kill switch for an Android app, so it's not entirely chaos in the Android world.)

 

That's just the normal way things work these days. A charge for three-hundred-something dollars from Walgreens showed up on my credit card - I never shop there so I knew it was fraudulent. Going to Walgreens to get money out of them - well I guess I could have tried, but I doubt they would have done anything for me at all, and it was extremely easy to just mark it as fraudulent on my credit card bill and let the bank do their little investigation, and ultimately take the charge off my bill.

 

My wife's iTunes account was hacked and I am at a loss as to how. I am assuming the passwords are stored in AT LEAST a 256 bit hash. There's no way your average hacker is cracking a 256bit hash.

Which means they must have hacked our wifi but while WEP isn't the strongest, it's still not a trivial endeavor to crack it. Not to mention they'd have to wait around for her to enter her password. And btw that clear text pwd is going out on a secure connection.

Now her machine could have had a key logger, but I've ran several scans to no avail.