Hackers have taken control of the iTunes accounts of many users, using them to make fraudulent purchases.
Cyber criminals are able to crack the accounts by using brute force attacks, where an automated system tries thousands of popular passwords with each account name. Many people use the same passwords for their social media accounts, which are easily compromised, and the information can be used to hack other services including iTunes.
Security firm Kaspersky commented in its blog that Apple's iTunes service is not securely designed:
"While no single vulnerability has been linked to the fraudulent activity, there's ample evidence that serious holes in iTunes and its components aren't hard to come by. In early March, for example, the company issued fixes for almost five dozen security vulnerabilities with the iTunes 10.2 software update."
Apple has yet to comment on the attacks, and the scale is currently unclear.