It was only a matter of time. It appears that iTunes gift cards have been cracked by nefarious types in China. The screen cap above is from eBay, however, and it is unclear whether it shows an example of the pirated cards.
From TUAW:
This seems like bad news for Apple, to say the least. A few Chinese websites are now selling $200 gift certificates to iTunes for less than a few bucks, which means that it’s likely hackers have figured out the algorithm to determine gift codes on Apple’s music store. As with most online codes, iTunes gift certificate numbers are generated by a formula somewhere — figure out the formula, and you can generate your own codes (though it’s of course tough to do and highly illegal).
The good news is that this might be an easy fix for Apple: they’ll just have to re-figure the formula.
Um, yeah. If they could break it once before, I’m sure it would be little time before this happened again.
So, have a good night all. I have some tunes to go and buy…er, never mind.
🙂
What’s the lesson learned from this? Don’t use an algorithm for generating gift cards? What’s the best practice on gift cards, pseudo-random non-algorithmic selection?
Gift cards are a key marketing device, we can’t just ban them from the business place, so how do we do this in a secure manner without getting pwned like Apple?
@ultramegaman
I think as much as it chafes, OTP — completely non-algorithmic — is the only real answer. Eliminate the predictability.
Of course, this model is not supported by the major gift-card clearing organizations so it becomes a DIY proposition.
:\
Broken-by-design is something that the payment card industry (GCs are part of the same pool of processors) seems to be ok with and in my experience, they do not take well to people pointing out their shortcomings.
~J
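One way to implement the non-algorithmic approach suggested in the comments above, as an added example that is not part of the original post or its comments: each code is drawn from the operating system's CSPRNG, and a code is valid only because the server recorded it, so there is no formula to recover. The class, alphabet, code length and pepper are hypothetical choices for illustration, not Apple's or any processor's format; rate limiting of redemption attempts is assumed to exist elsewhere.

```python
import hashlib
import hmac
import secrets

# Constructed alphabet: 32 symbols, no 0/O/1/I look-alikes (assumption, not a real card format).
ALPHABET = "23456789ABCDEFGHJKLMNPQRSTUVWXYZ"
CODE_LEN = 16  # 16 symbols * 5 bits = 80 bits of entropy per code


class GiftCardIssuer:
    """Hypothetical issuer: codes are random, validity lives only in the server's table."""

    def __init__(self, pepper: bytes):
        self._pepper = pepper  # server-side secret, so a leaked table cannot be brute-forced offline
        self._cards = {}       # HMAC(code) -> balance in cents; plaintext codes are never stored

    def _digest(self, code: str) -> bytes:
        normalized = code.replace("-", "").upper()
        return hmac.new(self._pepper, normalized.encode(), hashlib.sha256).digest()

    def issue(self, cents: int) -> str:
        while True:
            code = "".join(secrets.choice(ALPHABET) for _ in range(CODE_LEN))
            key = self._digest(code)
            if key not in self._cards:  # a collision is astronomically unlikely; check anyway
                self._cards[key] = cents
                return "-".join(code[i:i + 4] for i in range(0, CODE_LEN, 4))

    def redeem(self, code: str) -> int:
        """Return the balance and void the card; 0 for unknown or already redeemed codes."""
        return self._cards.pop(self._digest(code), 0)


def guess_success_probability(issued: int, guesses: int) -> float:
    """Upper bound on the chance that any of `guesses` random codes hits an issued card."""
    return min(1.0, issued * guesses / len(ALPHABET) ** CODE_LEN)
```

With 100 million cards outstanding and a billion guesses, the bound from `guess_success_probability` is still below one in ten million, which is why guessing has to be attacked through the keyspace rather than through a formula.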