As coverage of the apparent hack of the iTunes Music Store expands, so have the reports from readers. The newest round of reports indicate that the issue is not limited to the US: Betanews has been able to identify victims in at least five foreign countries. Worse yet? It's no longer just Sega's Kingdom Conquest anymore: several other games have now been identified. Betanews first reported about the spreading hacks one week ago.
To date, reports have been received primarily from the US. However, since then reports have been received from Britain, Ireland, and Germany. Betanews has also been able to source reports through its investigation to New Zealand and Canada as well. Since the reports are not centered to one particular region per se, it's likely this has become a worldwide problem for Apple.
Reader reports also have begun to become more diverse in the games they describe to be the source of their woes. In addition to Kingdom Conquest, fraudulent transactions have been sourced to Storm8's World War, and Kamagame's Texas Poker. An investigation continues into whether or not other titles could be affected.
With Apple all but silent on the issue, it has been difficult to determine what may be the source of the problem. However, with the quantity of reports received now numbering over three dozen, a pattern has emerged: every game targeted is a free download, and the fraudulent charges are all due to in-app purchases.
For this reason, Betanews now has reason to believe that this particular hack affecting iTunes is likely sourced to an exploit existing in Apple's in-app purchasing mechanism. It is the only similiarity between every report received.
While a majority of users reporting in as victims have had their iTunes credit balances drained, some also saw fraudulent charges to linked credit card and PayPal accounts. While an issue may exist there as well, it's likely not the primary cause of the hack.
Repeated requests for comment from Apple have gone unanswered as of press time. Requests for comment from game developers affected were also not returned.