Skip navigation
This discussion is archived

Itunes store security breach?

8258 Views 20 Replies Latest reply: Sep 15, 2010 8:27 AM by mralarcon RSS
1 2 Previous Next
minimac51 Level 1 Level 1 (0 points)
Currently Being Moderated
Jul 5, 2010 8:25 PM
On the internet today were some articles that talked about a security breach in the itunes store.
Not many details were provided. I don't see anything official on the Apple website about this.
I hope that full details and recommended precautions for itunes store users will be provided soon by Apple.
mac mini, Mac OS X (10.5.6), airport express
  • supersalo Level 1 Level 1 (15 points)
    Currently Being Moderated
    Jul 5, 2010 8:40 PM (in response to minimac51)
    The articles were incorrect. There wasn't a store "breach". The user's whose accounts were compromised didn't have their accounts broken into on the iTunes store. Their passwords were taken from their computer (either malware, keystroke logger, insecure password, etc).
    Mac OS X (10.6.3)
  • geyien Level 1 Level 1 (70 points)
    Currently Being Moderated
    Jul 8, 2010 3:02 AM (in response to supersalo)
    Not sure you are correct there, supersalo.

    I use a Mac, not a Windows PC, scan regularly for malware and keystroke loggers and other nasties and know my machine is clean. I have a super obscure iTunes Store password (mixture of letter, numbers, symbols, gobbledygook, etc.). I was also one who had my account broken in to. So, what you say doesn't really fit, at least in my situation.
    MBP 15" 2.53Ghz 4GB RAM 500GB HD, Mac OS X (10.6.4)
  • JTurnerBurner Calculating status...
    Currently Being Moderated
    Jul 11, 2010 11:39 AM (in response to minimac51)
    I found 7 different itunes charges in my email inbox yesterday totaling $291 for apps that I never purchased. They were made within a few minutes of each other and I have since canceled my credit card, changed my itunes password and notified apple, but have heard nothing back from Apple other than an automatic email response.

    This is a real problem. I respect Apple but will be watching to see how well they handle this matter. So far, I am unimpressed. Apple doesn't seem prepared to provide the protection and care incumbent with an ongoing billing relationship like this.
    MacBook, Mac OS X (10.6.4)
  • Thomas Sjöholm Level 3 Level 3 (575 points)
    Currently Being Moderated
    Jul 11, 2010 12:59 PM (in response to JTurnerBurner)
    This is a real problem. I respect Apple but will be watching to see how well they handle this matter. So far, I am unimpressed. Apple doesn't seem prepared to provide the protection and care incumbent with an ongoing billing relationship like this.


    Yea I'm willing to agree in this matter.
    It's down to Apple to solve this in a nice way - or else it will be a major setback for Apple.
    Mac Mini 2.53 4GB Ram 320GB, Mac OS X (10.6.4), iPod Shuffle 2nd Generation, iTunes 9.2 (61)
  • Chris CA Level 9 Level 9 (73,410 points)
    Currently Being Moderated
    Jul 11, 2010 2:30 PM (in response to geyien)
    The iTunes store was not breached and your computer (most likely) did not have a keylogger on it.
    It is simply poor choice of passwords and iTunes makes it too easy to reset the password.
    Mac mini (mid 2010) - 2 GB RAM, Mac OS X (10.6.4), silver mini, blue mini, silver shuffle, iTunes 9.1.1 (12)
  • geyien Level 1 Level 1 (70 points)
    Currently Being Moderated
    Jul 11, 2010 10:36 PM (in response to Chris CA)
    See my comments above, I choose passwords that are super hard to guess or force i.e. obscure words from foreign languages, mixture of symbols and numbers and letters, lower and upper case, etc. You are too quick to defend Apple and assume the fault lies with the victims here, do you have proof that my particular password was "poor"? Do you have proof that the iTunes Store was not breached, beyond the fact that "Apple said so"?
    MBP 15" 2.53Ghz 4GB RAM 500GB HD, Mac OS X (10.6.4)
  • Chris CA Level 9 Level 9 (73,410 points)
    Currently Being Moderated
    Jul 11, 2010 11:29 PM (in response to geyien)
    You are too quick to defend Apple and assume the fault lies with the victims here,

    Am I? I did write, "and iTunes makes it too easy to reset the password."
    Do you have proof that the iTunes Store was not breached, beyond the fact that "Apple said so"?

    I don't believe Apple has stated one way or the other.
    Do you have proof they were?
    Mac mini (mid 2010) - 2 GB RAM, Mac OS X (10.6.4), silver mini, blue mini, silver shuffle, iTunes 9.1.1 (12)
  • stateofdenial Calculating status...
    Currently Being Moderated
    Jul 12, 2010 2:23 PM (in response to JTurnerBurner)
    I agree. Apple should at the very least provide better support for issues around unauthorized charges. My husband, son and myself all have iphones and we all had unauthorized charges on our accounts so I find it hard to believe that there was not a breach.

    My son made a big fuss about his unauthorized charges and Apple just disabled his iTunes account. Now they won't respond and we can't get his account to work any more at all.

    It's bad enough that we are paying the unauthorized charges but the iPhone is virtually worthless without being able to download apps and music. So now that my son can't use his iTunes account I feel like throwing all three phones away.

    We are loyal Mac users. Have been since the "Toaster Mac" in the 1980's. We use them for our business and our personal needs. I feel completely abandoned. I remember back in the 1980's when you could call 1-800-APPLE SOS and get support for free. They have gone a long way downhill in the support department since then.

    If we can ever get this resolved I plan to remove everyone's credit card information and just buy gift cards to set up on all of our accounts. At least there will be a limit to the unauthorized charges!

    Does anyone know how to actually talk to someone in the iTunes store? I have sent email after email and gotten no response at all.
    iMac, Mac OS X (10.5.8), +3 iPhones, 2 G5 Towers & a MacBook Pro
  • Chris CA Level 9 Level 9 (73,410 points)
    Currently Being Moderated
    Jul 12, 2010 9:58 PM (in response to stateofdenial)
    It's bad enough that we are paying the unauthorized charges

    Why are you paying for unauthorized charges? That should be settled by your CC company.

    There is no number to call for iTunes store support.
    Send an email and if you have no response within 48 hours, send another. Keep at it until you get it sorted.
    Mac mini (mid 2010) - 2 GB RAM, Mac OS X (10.6.4), silver mini, blue mini, silver shuffle, iTunes 9.1.1 (12)
  • Sherus Calculating status...
    Currently Being Moderated
    Jul 14, 2010 12:42 PM (in response to geyien)
    I agree...just my account hacked today for itunes APPS...totaling well over $1300.00. I'm using a MAC. NO way provided to discuss with a rep. All phone numbers direct you to the web. What if I had no access to a computer? Extremely POOR customer service, so very disappointed. Have to wait and see what happens with these. My bank has cancelled my card, I have to fill out police reports and unauthorized purchase forms.

    Ludicrous that there is no way to contact itunes... anyone else out there with this issue?
    MAC
  • Chris CA Level 9 Level 9 (73,410 points)
    Currently Being Moderated
    Jul 14, 2010 1:58 PM (in response to Sherus)
    What if I had no access to a computer?

    Then how would you be using iTunes?
    Mac mini (mid 2010) - 2 GB RAM, Mac OS X (10.6.4), silver mini, blue mini, silver shuffle, iTunes 9.1.1 (12)
  • rqueen Calculating status...
    Currently Being Moderated
    Aug 6, 2010 5:08 PM (in response to Chris CA)
    Look, Chris, if you're only intent when responding to a discussion topic is to be snarky then you ought to refrain from supplying your input - it does no one any good.

    I also had unauthorized purchases made on my iTunes account, on 7.15, for a total of 277.00. The responding email from Apple to my inquiry on the matter placed more emphasis on steps I should take with my card company than on looking into whether it was my iTunes account that had been hacked, and if so how. My card number was only used to make purchases at iTunes so I have to assume that the number was accessed thru my iTunes account where my card info is on file.

    And it HAS been frustrating dealing with this matter since there is no number you can call so that you can talk to someone about what's going on. Especially since, for legal reasons, there's only so much that can be done via emailing, as noted in the response to my initial inquiry:

    "I'm sorry that I can't be of further assistance with your request, but the iTunes Store does not provide any account information--including account activity and personal information--without a subpoena. We do this for your protection."

    Meanwhile my account has been disabled and will take several days to get it back up and running.

    My advice to anyone using the iTunes Store is to not keep your card information on file with it until Apple addresses this problem.
    MacPro, MacBook Pro, MacMini, iPhone, iPad, Mac OS X (10.6.4), 2 Apple 20" Cinema Displays, iPhone, Nano, Apple TV, Airport Extreme/Express
  • Chris CA Level 9 Level 9 (73,410 points)
    Currently Being Moderated
    Aug 6, 2010 5:38 PM (in response to rqueen)
    I'm not being snarky at all. Statements were made that did were inaccurate.
    My card number was only used to make purchases at iTunes so I have to assume that the number was accessed thru my iTunes account where my card info is on file.

    Once they have access to your account, they do not need the card number. It is linked to your account and they have the password which enables them to make purchases.
    Accessing your iTunes account will not show your card number. When you log in, you can only see the last 4 so they could not gain access to the full CC number to do anything else.
    However, that has been changed in the last week or two and you will need to supply the 3 security digits (I believe that's what it asks for) to do anything. And when you log in from a different computer, it will ask the same thing.
    My advice to anyone using the iTunes Store is to not keep your card information on file with it

    That has been my suggestion all along.
    If you wish to make a purchase, enter your CC number, make the purchase then immediately remove it.
    Mac mini (mid 2010) - 2 GB RAM, Mac OS X (10.6.4), silver mini, blue mini, silver shuffle, iTunes 9.1.1 (12)
  • adrianTNT Calculating status...
    Currently Being Moderated
    Aug 7, 2010 9:32 AM (in response to minimac51)
    *I just got hacked too today !!! *

    They used the saved PayPal preaproved payments to purchase.
    Around $50 until I noticed it and canceled the paypal payment agreement.
    I can say that password was not the strongest.

    I hope I can get a refund from PayPal.

    I used to laugh at people that got their payment info stolen because I sell software online and I see people asking for their money back very often.
    Now it happen to me ...



    <Edited by Host>
    Desktop Core 2 Duo, Windows XP Pro
1 2 Previous Next

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.