400k in-app iOS purchases bypassed by Russian hacker
New service allows iOS users to bypass Apple servers for premium content, reports huge popularity in first 24 hours
A Russian hacker has launched a service that allows users to access premium iOS content for free.
According to a report on Ars Technica, the service re-directs payment requests for in-app purchases away from Apple's servers to one operated by the hacker, Alexey V. Borodin, with no need for jail-breaking.
Ars Technica notes that use of the service grants Borodin access to Apple IDs, passwords and other sensitive data, though the hacker responded that he doesn't use, log or monitor that information.
Borodin claims that the service hosted more than 400,000 transactions in the 24 hours following the launch of In-Appstore.com, and the security crackdown appears to have started already. In its first day, two IP addresses used by the replacement DNS server were blocked, though Borodin claims to be unsure whether Apple is responsible.
An Apple representative, Natalie Harrison, responded to the threat, claiming that Apple takes App Store security "very seriously" and that an investigation is in progress.