By Jesse Emspak: Subscribe to Jesse's RSS feed
July 5, 2010 11:43 AM EDT
Two of the most popular sources of online content and applications were attacked over the weekend by hackers.
YouTube and Apple's iTunes App Store were both targeted, though in very different ways.
According to reports in the tech blogosphere, a hacker attack on Apple's app store may have hijacked users' accounts. It appears that for a time, the top selling books on the iTunes App Store were in Vietnamese, from a seller named Thuat Nguyen, as reported by the blog Engadget.
A number of customers reported their accounts were hijacked on the Macrumors forum, with charges showing up that the user never made. At least one user, "zukernik," reported that on a site called taobao, which like Ebay offers goods for auction, was selling iTunes accounts.
Apple had not yet responded to the issue as Apple customer phone lines were switched off due to holiday weekend and could be contacted only by e-mails.
Follow us
Meanwhile, YouTube was also attacked, with the hackers focusing on Justin Bieber. The attack may have sent users to web pages with malicious software, though no problems have been reported yet.
The attackers incorporated code into YouTube pages devoted to the singer. As a result, users were greeted with vulgar messages about Bieber, and were also redirected to external sites that contained adult content.
The hackers were able to pull off the attack using a cross-site scripting, or XSS, vulnerability, which affected sections in the Web site where users post comments.
An XSS attack is one in which a hacker might craft a false web address that sends the user to the correct page (in this case YouTube) but runs malicious code in the background, unbeknownst to the person visiting the site. Users might also be sent to another site entirely. Such attacks often involve pulling data from cookies, small files used by Web sites to identify returning users.
The company, a subsidiary of Google, reassured users that YouTube cookies couldn't be used to access Google accounts. Nonetheless, YouTube users are advised to log out of their account and log back in again.
In spite the fact that the attack itself didn't involve malware infections, users may be at risk when they visit any Web page, especially the ones attackers redirected users to. It is not known if the destination pages contained malware, but most anti-virus software can handle such threats.
Both Google and Apple have been the targets of attacks in the past. Google's servers in China were subjected to what the company called an organized attack in January; last month 114,000 iPad owners e-mail addresses were harvested by hackers via a loophole in AT&T's Web site.
iOS 5.1.1 Untethered Jailbreak Released: How To Use Absinthe 2.0 On iPhone 4S, iPad 3, iPod Touch And More [VIDEO]![How To Root Samsung Galaxy S3 [Tutorial]](http://img.ibtimes.com/www/thumb/mainpage/273544-7458-will-samsung-galaxy-s3-outshine-sony-xperia-p.jpg)
How To Root Samsung Galaxy S3 [Tutorial]![iPhone 5 Rumors: Apple Testing 3.95-Inch Prototypes Internally [REPORT]](http://img.ibtimes.com/www/thumb/mainpage/274526-7458-apple-iphone-5-to-feature-bigger-screen-production-to-begin-in-june-fo.jpg)
Reasons Why iPhone 5 Will Have 4-Inch Display
Yahoo Kills Livestand; Focus Shifts to Mobile Products
Galaxy S 3 Specs and Features' Top Five Potential ProblemsWe value your privacy. Your email address will not be shared.
