iTunes store account hacked

I'm posting this just to share my story and get reactions. It's a little detailed but I thought worth sharing.

On November 23, 2010 I purchased a single song from the iTunes store for .99. I used store credit that I had from a gift card I received last year. It was the first purchase I had made since July 2010.

On November 25, 2010 I received a receipt for 2 more separate orders to my account. These were for over $50 in iPhone apps. Here's a sampling of some of the purchases:

1 eREAD isoshu, v1.5, Seller: ChengDu YueTong Internet Information Co. Ltd (17+)
2 Plants vs. Zombies, v1.3, Seller: PopCap Games, Inc. (iDP)
3 Monkey Island 2 Special Edition: LeChuck's Revenge, v1.1, Seller: Lucasfilm International Services Inc.
4 Asphalt 5, v1.2.6, Seller: Gameloft (9+)
5 Let's Golf!® 2, v1.0.1, Seller: Gameloft (4+)
6 Frames & FX for Photos, v2.5.1, Seller: Imikimi, LLC (12+)
7 Stenches: A Zombie Tale of Trenches, v1.0.1, Seller: Thunder Game Works (9+)

I do not have a credit card linked to my account, so these were made using my store credit.

I have only 1 computer authorized for my account (my personal home computer). I live alone and no one else touches my Powerbook but me. I also DO NOT own an iPhone, so I would have no interest in apps.

After I saw these bizarre purchases, I checked my account. I noticed 2 strange things: My account information had changed: My street address was correct, but city, state and zip had changed to: Towson, MD 21286-7840. I have never lived in Maryland. Also, I noticed that my password recovery answer had changed to "Murray" in response to a question about my mother's maiden name. That's decidedly NOT my mother's maiden name. Also, my birthdate had changed to an incorrect month and day.

I immediately changed my password and my recovery question/answer challenge.

I reported problems on all of these purchases and also contacted iTunes Account Support by e-mail.

Within 24 hours I received an e-mail from "Vicki" at iTunes Customer Support. She wrote:

"When reviewing over your account "name@domain.net" and the two reported orders, it shows that the content purchased within them was acquired from the computer that is currently authorized for your iTunes account. So I strongly advise that you do consult with those in your household regarding the purchases made, and the charges that resulted from those purchases."

Further:

"I have gone and reversed the charges for the two orders....You will see a store credit in three to five business days....Please note that this is a one-time exception, as the iTunes Store Terms and Conditions state that all sales are final."

I am pleased that Apple is refunding my store credit and replied so quickly.

However, it is simply impossible that these purchases were made from my computer. Again, my Powerbook is the only computer I have ever authorized to access my account, and I am the only person with access to it.

I am not sure how this happened. Any thoughts or similar experiences?

Powerbook G4, Mac OS X (10.5.8)

Posted on Nov 28, 2010 3:43 PM

1,958 replies

Apr 13, 2014 9:38 AM in response to Imp68

Imp 68,


If your comment was aimed at me then I may be lucky so far with my Apple account but with my unusual first name then I have been the victim of ID theft twice now.


My comments on here are to try and help others avoid their Bank Card details being taken when their iTunes account gets hacked and also to avoid huge purchases being racked up by the fraudsters.


One day my luck will change but as I keep bank account details from iTunes then they will only get the amount of credit I have in iTunes to play with.


Mark

Apr 13, 2014 10:12 PM in response to Chris CA

That's called "Apple passing the buck." I've never had any other fraudulent transactions occur on my source funding account, which was not a credit card. iTunes is clearly the source of the problem, and if they want people to link accounts to them, they should have better account security. Apple keeps pretending this isn't their problem, but there are complaints from people all over the internet, people with different credit card companies, Paypal, and other accounts used as funding sources. Numerous, different funding sources, all with the same fraud occurring. Common denominator? iTunes. iTunes is clearly the weak link in this equation. Clearly the source of the problem, no matter how much you attempt to deflect the blame.

Apr 13, 2014 10:39 PM in response to BlueSimone

"That's called "Apple passing the buck.""

No it's not.

It's called the credit card company doing exactly what everyone (you included) agreed to.

When a purchase is made, it goes to the CC co. They validate the card, assure it has not been reported stolen and authorize the purchase.

The interest you pay on your purchases and the fees charged to the store go to insuring it all works as it's supposed to. If it doesn't, part of the interest goes to paying for the charge because they authorized it.


You didn't have your CC in iTunes and the charge was authorized by the CC company so how is it Apple's fault?

May 5, 2014 7:26 PM in response to stereocourier

My iTunes account got hacked again. This time to prove it was just Apple, I took my new Discover card number and did not use it for anything but my iTunes account. Today I get a call from Discover questioning purchases from iTunes which were all not mine. Plus they tried to use my card on Walmart.com. The key I want to stress is I never ever used my Discover card except with Apple. So how do these hackers get my card number from iTunes? iTunes does not disclose the full number when you view the account. I also had a very complicated unique password for my iTunes account.

May 5, 2014 8:53 PM in response to GaryQ

In order for someone to even make a purchase from a new device in the first place, they'd have to know your security question answers. Odds are it was someone close to you or your questions/answers are far too obvious. Not Apple's fault. Plus, for your case to hold any water, you'd have to prove how they got your password, which you have not done.

May 6, 2014 4:34 AM in response to Imp68

I don't have any family except my 80+ year old Mom who has no idea how to use computers. My security questions are far from obvious. I am also a Unix admin/programmer, so I am more than familiar with IT. If you were to google how many times iTunes is hacked you would see Apple has an issue. Of course Apple has many customers who don't use good passwords and will get hacked, but in my situation it's not the case.


After my first iTunes account hack, I went through the entire account, changed my security questions, made a very difficult password and it got hacked again. Apple has a security hole in iTunes.


To add to the frustration Apple will not help you on the phone when your account gets closed. You have to open a ticket with their web system. It stinks. And their history of billing is very awkward to work with when your credit card company needs to review your recent charges to see where it went bad.


Another issue, why can't Apple send an email within a few minutes that an iTunes purchase was done? It takes days for Apple to send that email. There is no reason for it. If I knew the same day my iTunes account was hacked it would be easier to stop the nonsense.


And how do they get your full credit card number from iTunes to begin with?

May 6, 2014 6:43 AM in response to GaryQ

iTunes doesn't store your CVV number. When you first add it, they ping your card issuer to verify, then it's gone from the system. The fact they tried to use it in another website sounds like your computer might have a logger and is compromised. With that, passwords and card info are stolen.


Also, you can take screenshots of your purchase history with only 3 steps. You can also call Apple to get help with your situation at any time. They have a team for this exact issue.


You get an email about a purchase only once your credit card company pays Apple which can take a few days, but when a new computer is used, they email you within minutes.


If I were you, I'd scan your computer for loggers and make sure the network you're using is also secure. It's more likely that Joe Citizen's computer is compromised than Apple's elaborate security system.

May 6, 2014 7:03 AM in response to Imp68

That's the problem with the excuses people make for Apple. You're doing everything you can to blame it on other causes, when I know for certain that no one else had my password, I work from home where no one else could access my computer, it's not written down anywhere, no one else is in the house, and it's different from any other logins and passwords I have. Even if I was hacked on other sites, no one would have my Apple ID, password, or my funding source that is not used anywhere else. The only source for hacking in my case was Apple, being hacked internally. You baselessly assume other people are clueless and don't know how to create strong passwords or protect their information. Well, in the case of trusting Apple, you'd be correct that people are unwise, but the other finger-pointing, blaming weak passwords, "other people close to you", blaming it on this credit card company, that one, Paypal, and whomever else, is just ridiculous. Apple is the common denominator and the obvious source of the problem. It's the total lack of accountability on Apple's part that is most concerning.

May 6, 2014 7:03 AM in response to TunesFan

If my computer was compromised why are my Visa and Master cards not taking any hits? I buy from numerous web sites using Visa, MC and Paypal and none of them are being compromised. I never used my Discover card on my PC, it's used to buy apps for my iPad. All of the info for Discover was entered on the iPad. I intentionally did this to prove the problem is with Apple. The card info was also entered over a year ago, if they would have somehow grabbed it during entry they would not wait that long to abuse it.


Now the other issue is my iTunes account. I am not sure it was used for yesterday's purchases, it appears my card was used on iTunes to purchase songs. So far Apple has not locked my account. Last time this happened my account was locked until I opened a ticket to get it reinstated.


I also for your info run Malwarebytes on my PC. It's an excellent scanner and I have never had an issue where my computer got compromised.

May 6, 2014 7:54 AM in response to GaryQ

Was your own iTunes account used to buy the songs?


If so, then they do have your password and it doesn't matter that you added the info using an iPad over a year ago. Your card is on your account until you remove it, so it's likely that they just accessed it recently and did not have access prior to this time. It's not like they "waited" a year, they just did not access your account until now and just got that access now--using your password. If Malwarebytes does not have access to your computer's root, then it would be useless against some keyloggers. Also, is it possible that you got an email you thought was from Apple, clicked a link in it, then entered your information onto a fake webform? That happens all the time.


If you want to see if your account was used to buy the songs, sign in and check your purchase history. You don't have to wait for receipts. http://support.apple.com/kb/HT2727


Apple won't lock your account until you email or call to say it was used and that you never allowed it to be used. It's not their job to determine who is using your card or stop someone from signing in and buying things- that is what an account is for. Here is how you contact them about this: http://support.apple.com/kb/HT5699 (it leads to a phone call)


In the end, the whole thing does suck. Yes, I am an Apple customer and fan of them, and realistically I can assume that my information is safe with them--as long as my computer is safe from all malicious software and I know how to avoid phishing emails. No one is perfect.


Whatever though... no one on here wants to accept that they could have been duped or that their computers are not perfect.


** Hope you have the paid version of Malwarebytes because the free one is ultimately garbage.


Just in case you want to read about legit emails from Apple:


http://support.apple.com/kb/HT2075

http://support.apple.com/kb/HT4933


Best option for any customer:


Two-Step Verification:

http://support.apple.com/kb/ht5570


I am done with this thread. No one in the world wants to accept that things like this happen at the user end and just want things to come easy, safe and blameless. When something happens, they tend to point at the vendor, when that is not the case. The vendor has hyper-secure, updated systems and is encrypted to the max. They have more security than the average person.... but it has to be their fault right?

May 6, 2014 12:25 PM in response to TunesFan

TunesFan, you can continue all you want to think I may have clicked a link from a phishing email or some other stupid move but it's simply not the case. I am no casual user here. I am a highly trained UNIX programmer and database guy with plenty of other IT skills. I make a firm rule for myself to never click links in any emails. If I get a notice to pay a bill I manually bring up the site to pay it. Any other stupid email where they want to verify my account info enters the trash bin immediately.


This is 100% an Apple security issue. Just look at this week how email attachments are not encrypted in iOS 7. What about the SSL bug that Apple had a few months ago? Apple has always been behind the curve when it comes to security. They make gorgeous products but security is not one of their strong suits. I also have an Android Nexus 7 since it first came out. I don't get any security issues on my Google Play account, and I have bought several apps over the past 2 years on that account.


What nobody is explaining is how they got my full credit card number since I never ever had that card near my PC. iTunes and Walmart.com were used yesterday to make (attempt) fraudulent charges on my card. All the Walmart charges were declined. The Walmart charges happened before the iTunes charges plowed away racking up charges. Why was Walmart declined and not Apple? iTunes is the fault here, not the user.

May 6, 2014 1:41 PM in response to GaryQ

Email attachments will be encrypted via an update to the iOS... ALSO... to even gain anything from that bug, a person would have to physically have your iOS in their hands, and then connect it to a computer, use third party software to extract the iOS system file, then extract your mail and attachments. So, "highly trained UNIX programmer and database guy", get your information correct before you spew it.


The issue with SSL was only an issue if a user was using an unsecured wi-fi network--which no one with half a brain should do anyway. That issue could only be a problem via a man in the middle attack wherein the person on iOS was directed to a fake site. The man in the middle, on the unsecured wi-fi network (likely at a hipster coffee shop or bookstore), could re-route the user to that fake site... but the user should realize the site is fake and not enter any personal info.


Funny how "Apple has always been behind the curve for security". I have 3 PCs and a Mac and the PCs are not secure even with MS's own security software running; that is, if I choose to ignore basic facts and phishing scams, and don't use something to prevent logging, and remove the security on my wi-fi network. Yes, the Mac is amazing. No issues there.


You chose to ignore everything I said about keyloggers. Is your Malwarebytes the free version? If so, it's useless.


Funny how Apple is to blame when Discover declined charges at Walmart but not in iTunes. Why did Discover allow the iTunes charges? You might want to ask them that. Apple does not control your card and how it's billed and whether or not Discover chooses to allow charges to process or not--Discover allowed it. The vendor does not authorize payments.


Good day to you "highly trained UNIX programmer and database guy". I'll assume that you can't name your employer etc., just as I can't -- I am also highly trained. It's a secret though, so good luck with that. (if you really are highly trained, I am sure you'll find me)
