Hackers Hit iTunes Accounts, But How Are They Getting In?

While some reports say a security hole in iTunes itself is to blame for the incidents, other reports say the attacks are coming through user PayPal accounts. Some reports blame a phishing scam that's been around for months.

The number of thefts appears to be on the rise, judging by the growing number of complaints posted on Facebook and Twitter.

"Everybody watch your iTunes accounts closely. I just got hacked for almost $1,000 worth of software, videos and music. Hopefully PayPal will refund it all," wrote Dustin Hall in a Facebook posting on Sunday. "This happened within the last few hours. One transaction after another."

On Sunday similar thefts were reported on the Website of the San Jose Mercury News.

On Monday TechCrunch reported that "a major security hole in iTunes accounts linked to PayPal" had allowed scammers to charge thousands of dollars to iTunes accounts through PayPal.

But a column posted Monday on the All Things Digital Website argues that the problem isn't iTunes security, but is instead the result of gullible users who have fallen prey to a phishing scam. Apple has asserted there is no security hole in iTunes, according to the column. Victims of the scam need to work with their credit card issuer or payment processor to issue a chargeback and to change their iTunes password immediately.

Some iTunes phishing scams have been around since early 2009.

PaylPal has reportedly been reimbursing people for their losses, according to a report on AppleInsiderand on the BBC News Website. But that story also said PayPal has said the hacking problem "is happening on the iTunes side," and referred inquiries to Apple. An Apple spokesperson told the San Jose Mercury News that they are aware of the problem.