[WASC-WHID] WHID 2011-67: Hackers attack iTunes

WASC Web Hacking Incidents Database wasc-whid at lists.webappsec.org
Mon Apr 25 09:15:57 EDT 2011

*Entry Title: *WHID 2011-67: Hackers attack iTunes
*WHID ID: *2011-67
*Date Occurred: *April 4, 2011
*Attack Method: *Brute Force
*Application Weakness: *Insufficient Anti-automation
*Outcome: *Fraud
*Attacked Entity Field: *Retail
*Attacked Entity Geography: *
*Incident Description: *Hackers have taken control of the iTunes accounts of
many users, using them to make fraudulent purchases.
Cyber criminals are able to crack the accounts by using brute force attacks,
where an automated system tries thousands of popular passwords with each
account name.
*Mass Attack: *No
*Reference: *
*Attack Source Geography:*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/wasc-whid_lists.webappsec.org/attachments/20110425/4997ef55/attachment-0003.html>

More information about the wasc-whid mailing list