If you click on a link and make a purchase we may receive a small commission. Read our editorial policy.

400k in-app iOS purchases bypassed by Russian hacker

New service allows iOS users to bypass Apple servers for premium content, reports huge popularity in first 24 hours

A Russian hacker has launched a service that allows users to access premium iOS content for free.

According to a report on Ars Technica, the service re-directs payment requests for in-app purchases away from Apple's servers to one operated by the hacker, Alexey V. Borodin, with no need for jail-breaking.

Ars Technica notes that use of the service grants Borodin access to Apple IDs, passwords and other sensitive data, though the hacker responded that he doesn't use, log or monitor that information.

Borodin claims that the service hosted more than 400,000 transactions in the 24 hours following the launch of In-Appstore.com, and the security crackdown appears to have started already. In its first day, two IP addresses used by the replacement DNS server were blocked, though Borodin claims to be unsure whether Apple is responsible.

An Apple representative, Natalie Harrison, responded to the threat, claiming that Apple takes App Store security "very seriously" and that an investigation is in progress.

Related topics
Author
Matthew Handrahan avatar

Matthew Handrahan

Editor-in-Chief

Matthew Handrahan joined GamesIndustry in 2011, bringing long-form feature-writing experience to the team as well as a deep understanding of the video game development business. He previously spent more than five years at award-winning magazine gamesTM.

Comments