NEWS FROM THE LAB - Monday, July 12, 2010

Do you reuse your passwords? Posted by Sean @ 19:27 GMT

One week ago, TNW Apple published a story about Apple's App Store. It seems that some unscrupulous developers have been using compromised iTunes accounts to "App Farm" a profit from junk applications. TNW Apple's story was originally about Thuat Nguyen, but it rapidly expanded.

And so there was much speculation about the issue and we were asked our thoughts. Gregg Keizer of Computer World wanted to know if we had seen any increase in iTunes phishing. But while speaking with Gregg, we realized that you don't really need to phish iTunes… because the account names are e-mail based, you only need to collect phished e-mail account data and then try the same password with iTunes.

How many people use the same password for all of their accounts? About 20% according to one of our recent surveys. The survey was done in the Sweden, UK and Germany.

Survey results

Now some might think using the same password for e-mail and iTunes isn't a problem, because the store is linked to your iPod, right?

But there is a problem, the store is also linked to your credit card. The Nguyen case clearly demonstrates, if there's a will there's a way, to steal from your credit card.