Even if (1) and (2) could be explained by the Dash developer helping someone else get started, (3) and (4) are more difficult to justify. Especially (4) because the bundle identifier is an arbitrary string and there's no real reason for different people to use the same one. But also (3) because it means the Dash developer was receiving payments for the apps being sold by the fraudulent account (i.e he was financially benefiting from the fraudulent activity).
Based on these factors I think it's entirely reasonable for Apple to conclude that both accounts were being controlled by the same person.
1. Credit card used to pay the annual developer fee.
2. Test devices.
3. Bank account used to receive payments from Apple.
4. Bundle identifiers used to uniquely identify each app. (http://i.imgur.com/NljOzF4.jpg)
Even if (1) and (2) could be explained by the Dash developer helping someone else get started, (3) and (4) are more difficult to justify. Especially (4) because the bundle identifier is an arbitrary string and there's no real reason for different people to use the same one. But also (3) because it means the Dash developer was receiving payments for the apps being sold by the fraudulent account (i.e he was financially benefiting from the fraudulent activity).
Based on these factors I think it's entirely reasonable for Apple to conclude that both accounts were being controlled by the same person.