A Russian hacker has launched a service that allows users to access premium iOS content for free.
According to a report on Ars Technica, the service re-directs payment requests for in-app purchases away from Apple’s servers to one operated by the hacker, Alexey V. Borodin, with no need for jail-breaking.
Ars Technica notes that use of the service grants Borodin access to Apple IDs, passwords and other sensitive data, though the hacker responded that he doesn’t use, log or monitor that information.
Borodin claims that the service hosted more than 400,000 transactions in the 24 hours following the launch of In-Appstore.com, and the security crackdown appears to have started already. In its first day, two IP addresses used by the replacement DNS server were blocked, though Borodin claims to be unsure whether Apple is responsible.
An Apple representative, Natalie Harrison, responded to the threat, claiming that Apple takes App Store security “very seriously” and that an investigation is in progress.