Skip navigation

iTunes store account hacked

662602 Views 1,939 Replies Latest reply: Apr 13, 2014 10:39 PM by Chris CA RSS Branched to a new discussion.
  • aftermac Calculating status...
    Currently Being Moderated
    May 7, 2012 4:09 PM (in response to trailbossc)

    On top of everything you just said... why does Apple allow purchases to go through when they detect it is coming from an unauthorized computer! That is a massive security hole IMHO. Apple would rather allow the purchase to go through and deal with refunding you through a needlessly cumbersome process, then head it off when they detect the problem.

  • TunesFan Calculating status...
    Currently Being Moderated
    May 7, 2012 5:14 PM (in response to aftermac)

    Authorising a computer is to play your purchases--entering your password is to buy. Glad you understand how things work before you install, browse and shop ;)

     

    Help menu is up top and your user manual is free, online at apple.com just like mine is.

  • TunesFan Level 1 Level 1 (10 points)
    Currently Being Moderated
    May 7, 2012 5:18 PM (in response to trailbossc)

    Yet you continue to add gift cards to your account. Peculiar. Brilliant actually *thumbs up*

  • trailbossc Calculating status...
    Currently Being Moderated
    May 7, 2012 5:28 PM (in response to TunesFan)

    Only added one gift card a year ago, clown/troll, but I purchased more than one at that time.  If only your reading skills were as good as your finger pointing and peculiarly brilliant and witty sarcasm.

  • aftermac Level 1 Level 1 (15 points)
    Currently Being Moderated
    May 7, 2012 5:28 PM (in response to aftermac)

    Yet someone was using the illegally purchased content on an unauthorized computer. You're a flipping genius.

     

    Even if there was some chance, that I was the victim of a phishing attack two years ago... not likely... not allowing purchases on an unauthorized device is an additional step that Apple could take to protect it's users, but they choose not to.

  • TunesFan Level 1 Level 1 (10 points)
    Currently Being Moderated
    May 7, 2012 6:41 PM (in response to aftermac)

    Your password is the go ahead to buy-since they had it to buy, chances are that they also used it to authorise their computer. Some people don't author computers to play tunes; they have tricks that allow things to be played without a computer being authorised. More likely, they used your password to authorise.

     

    Let's say you use all 5 of your authorisations, your house burns down and now you got a new one and want to buy things but can't because you used all 5. What now?

     

    It doesnt matter anyway. Nothing, other than old iTunes songs needs authorisation anymore. It's all unprotected files when you make a purchase now.

     

    Either way, this whole topic is useless because everyone wants to blame someone else. I'm sure you're all great with computers.

  • TunesFan Level 1 Level 1 (10 points)
    Currently Being Moderated
    May 7, 2012 6:49 PM (in response to trailbossc)

    You're funny.

     

    Glad you realize that it's always your fault, always something you did and all that jazz; you'll be a great husband or life partner to someone one day.

     

    Anyway, thanks for the compliment about my wit and sarcasm; sorry for not reading what you typed up but I try to skim the bs aside and only focus on the points I need to attack. Guess I'll make a great wife or life partner someday.....

  • ewtaylor2001 Calculating status...
    Currently Being Moderated
    May 7, 2012 7:04 PM (in response to TunesFan)

    and once again censored by apple

  • aftermac Level 1 Level 1 (15 points)
    Currently Being Moderated
    May 7, 2012 7:21 PM (in response to TunesFan)

    Your password is the go ahead to buy-since they had it to buy, chances are that they also used it to authorise their computer. Some people don't author computers to play tunes; they have tricks that allow things to be played without a computer being authorised. More likely, they used your password to authorise.

     

    They didn't. When you log into your account you can see how many computers are authorized and the number was correct. All of my existing computers were still authorized.

     

    Let's say you use all 5 of your authorisations, your house burns down and now you got a new one and want to buy things but can't because you used all 5. What now?

     

    Well, then I would log into my iTunes account online and use the "Deauthorize All" option. That's why it exists.

     

    It doesnt matter anyway. Nothing, other than old iTunes songs needs authorisation anymore. It's all unprotected files when you make a purchase now.

     

    You miss the point. Myself and many others have stated that Apple notified them that a purchase was made from an unauthorized device. Regardless of what any Apple policies are or were, purchases should only be allowed on authorized devices.

     

    Either way, this whole topic is useless because everyone wants to blame someone else. I'm sure you're all great with computers.

     

    What exactly are your qualifications? I've been an IT professional for 15 years dealing with network and systems security among many other areas of systems administration - working with many platforms including MacOS X, Windows NT 4/2000/2003/2008, Solaris, and many flavors of Linux (Slackware, Debian, SUSE, Mandrake/Mandriva).

     

    My only point in this is that Apple COULD/SHOULD take additional measures to protect users, regardless of how their personal information was obtained. It wouldn't be that difficult. If you don't at least agree with that, then yes, all of your replies to this topic have been useless.

  • zerg1234 Calculating status...
    Currently Being Moderated
    May 7, 2012 10:47 PM (in response to ewtaylor2001)

    Totally agree with additional measures.  How hard could it be to add an email step to purchases from unauthorized machines?  Seems like that would resolve a lot of the problems that show up on this thread.  Personally since being hacked I stopped purchasing things from iTunes and instead buy my music from amazon.  They have excellent customer service plus they are quite cautious with account info (you wouldn't have this problem on amazon because you are forced to re-enter your credit card info from any new ip addresses).

  • KlaBaa Calculating status...
    Currently Being Moderated
    May 15, 2012 9:47 AM (in response to stereocourier)

    Yesterday I bought 1 in-app purchase, costing me €0,79

     

    Today, my account has been cleaned out by in app purchases from 4a vulcano computers....!

    And I can't report a problem with the purchase, coz i don't have the app i supposedly made the in-app purchases from...

  • waterga Calculating status...
    Currently Being Moderated
    May 15, 2012 11:58 PM (in response to stereocourier)

    Add me to the list of accounts that got hacked.  The hacker managed to change ALL of my account details: birthdate, all security questions, my email address, cc info, etc.  They kept my name in there.  I just find it strange that when changing security questions, email addresses that this does not generate an email, does not require an email confirmation to change.  They must have changed the zip code so that their billing would go through I'm not really sure how they managed to use my name with their credit card though...  maybe identity theft is at work too here.

     

    It's impressive that Apple doesn't have better procedures in place to prevent account compromises.

    For all I know they were able to get into my account with a tool that probes until it finds the correct birthdate.  Impressive. Billed To:

    <email address>
    Ben----- -------
    ---- ---------- Rd.
    Nipomo, CA 93444
    USA

    Order Number: -------------
    Receipt Date: 05/15/12
    Order Total: $9.99
    Billed To: ----....3044

     

    Haypi Dragon, 120 Haypi Coins Pack
    Haypi Co., Ltd.In-App Purchase$9.99


    Subtotal:$9.99
    Tax:$0.00

    Order Total:$9.99


  • JJinBrisbane Calculating status...
    Currently Being Moderated
    May 16, 2012 2:33 AM (in response to stereocourier)

    Hello from Down Under. 

     

    I am a brand new Apple user after using PCs for many, many years.  Last night I registered in the App Store and this morning found that someone had hacked into my account and downloaded a movie.

     

    I have never had this happen in all the years I used a PC and although I'm not naive enough to think it couldn't happen, it is alarming that it has happend the very first time I registered details on line with Apple.

     

    I will contact them...and the amount isn't huge but I am still a very disappointed new Apple user.

  • JJinBrisbane Level 1 Level 1 (0 points)
    Currently Being Moderated
    May 16, 2012 2:43 AM (in response to trailbossc)

    ...and again from Down Under.  You made me smile and that's a good thing.  Yes, I too have eleventy billion other accounts which have never been hacked...just my very first visit to the App Store (where I only registered - didn't buy anything).

     

    I have a little mantra which stands me in good stead...'it always good to have someone to blame'  And you know what, in this case I'm blaming Apple.  I didn't do anything different from what I might have done in using a PC for the past many, many years. 

     

    I am disappointed when people assume that there are so many of us out there who are dummies and don't know/understand anything...and they do.  It must be hard to be humble when you are perfect in every way!!!

     

    Hasn't happened as a PC user.  Why now?  Apple must have some big holes in security...that's all I can think from my lowly, former PC perch

  • Smoothvirus Calculating status...
    Currently Being Moderated
    May 16, 2012 8:28 AM (in response to stereocourier)

    Well it has happened to me as well. On Monday evening I purchased three songs off of iTunes from my PC. The next morning I get a message on my iPhone that I had downloaded an app from a computer. I was at work at the time and had not downloaded any apps. I logged into my iTunes account and changed the password as quickly as I could.

     

    I certainly have not been phished because I am wary of such things and have not had any requests to enter my iTunes password anywhere, certainly not on any of my PCs. A virus seems to be pretty unlikely as well. In fact the only device I regularly use my iTunes password with is my iPhone.

     

    Like others the hack in my case seems to have come out of China. The hackers purchased some Chinese game apps and then made in-app purchases with them. There was some kind of "world soccer" game and then a game with anime characters but it's all in Chinese so I cannot read it.

     

    One interesting note, the credit card used was NOT mine. This information was changed on my iTunes account. I am guessing that the card they used was probably stolen.

     

    I did spend a couple of hours on the phone with Apple support and they did take care of the issue. But it would appear that something is afoot because my experience mirrors the many others here. So I will add my tale as another data point.

Actions

More Like This

  • Retrieving data ...

Bookmarked By (39)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.