The 400 iTunes accounts Apple admitted were hacked by a rogue developer to boost his ratings may be just the tip of the iceberg, say experts.
Apple banned Vietnam-based developer Thuat Nguyen from the iTunes App Store after users complained they had been charged for Nguyen's electronic books they had not purchased.
Apple insisted that the iTunes servers had not been compromised and that only 400 of the 150m iTunes users were affected.
But Nguyen's rise in book rankings from 50 to 21 in three weeks would have required thousands of purchases, according to the Financial Times.
Security experts said evidence suggests many thousands of accounts could have been compromised by automated attacks.
Some said it would also be naïve to think that Nguyen was the only developer who had used such attack methods to manipulate rankings.
Apple has responded to the incident by improving the security around its online ordering process. It now requires customers to re-enter the security codes on their payment cards more often.