UPDATED: Apple comments on iTunes fraud - dev banned, change your password
Apple has responded to that bizarre incident over the weekend involving a glut of Vietnamese, copyright-infringing book apps rocking to best-seller status on the backs of hacked iTunes accounts.
The developer Thuat Nguyen and his apps were removed from the App Store for violating the developer Program License Agreement, including fraudulent purchase patterns.
Developers do not receive any iTunes confidential customer data when an app is downloaded.
If your credit card or iTunes password is stolen and used on iTunes we recommend that you contact your financial institution and inquire about canceling the card and issuing a chargeback for any unauthorized transactions. We also recommend that you change your iTunes account password immediately. For more information on best practices for password security visit http://www.apple.com/support/itunes.
Good advice for this incident, great advice in general. Also remember to never, not ever, click a link in an email and log into an account. That's how social engineering attacks like phishing scams work. Use a strong password (long, with numbers and symbols), keep it unique, and change it once in a while. Treat it as securely as you treat your credit card and cash -- because that's what it is.
UPDATE: According to Clayton Morris, who followed up with Apple, about 400 users were impacted. iTunes's servers were not hacked. In response, Apple will be increasing how often it requires you to enter your credit card verification number going forward.
[Engadget, Clayton Morr]