
iTunes store account hacked

I'm posting this just to share my story and get reactions. It's a little detailed but I thought worth sharing.

On November 23, 2010 I purchased a single song from the iTunes store for .99. I used store credit that I had from a gift card I received last year. It was the first purchase I had made since July 2010.

On November 25, 2010 I received a receipt for 2 more separate orders to my account. These were for over $50 in iPhone apps. Here's a sampling of some of the purchases:

1 eREAD isoshu, v1.5, Seller: ChengDu YueTong Internet Information Co. Ltd (17+)
2 Plants vs. Zombies, v1.3, Seller: PopCap Games, Inc. (iDP)
3 Monkey Island 2 Special Edition: LeChuck's Revenge, v1.1, Seller: Lucasfilm International Services Inc.
4 Asphalt 5, v1.2.6, Seller: Gameloft (9+)
5 Let's Golf!® 2, v1.0.1, Seller: Gameloft (4+)
6 Frames & FX for Photos, v2.5.1, Seller: Imikimi, LLC (12+)
7 Stenches: A Zombie Tale of Trenches, v1.0.1, Seller: Thunder Game Works (9+)

I do not have a credit card linked to my account, so these were made using my store credit.

I have only 1 computer authorized for my account (my personal home computer). I live alone and no one else touches my Powerbook but me. I also DO NOT own an iPhone, so I would have no interest in apps.

After I saw these bizarre purchases, I checked my account. I noticed 2 strange things: My account information had changed: My street address was correct, but city, state and zip had changed to: Towson, MD 21286-7840. I have never lived in Maryland. Also, I noticed that my password recovery answer had changed to "Murray" in response to a question about my mother's maiden name. That's decidedly NOT my mother's maiden name. Also, my birthdate had changed to an incorrect month and day.

I immediately changed my password and my recovery question/answer challenge.

I reported problems on all of these purchases and also contacted iTunes Account Support by e-mail.

Within 24 hours I received an e-mail from "Vicki" at iTunes Customer Support. She wrote:

"When reviewing over your account "name@domain.net" and the two reported orders, it shows that the content purchased within them was acquired from the computer that is currently authorized for your iTunes account. So I strongly advise that you do consult with those in your household regarding the purchases made, and the charges that resulted from those purchases."

Further:

"I have gone and reversed the charges for the two orders....You will see a store credit in three to five business days....Please note that this is a one-time exception, as the iTunes Store Terms and Conditions state that all sales are final."

I am pleased that Apple is refunding my store credit and replied so quickly.

However, it is simply impossible that these purchases were made from my computer. Again, my Powerbook is the only computer I have ever authorized to access my account, and I am the only person with access to it.

I am not sure how this happened. Any thoughts or similar experiences?

Powerbook G4, Mac OS X (10.5.8)

Posted on Nov 28, 2010 3:43 PM

1,958 replies

May 6, 2014 3:14 PM in response to TunesFan

You keep harping on that keylogger. How many times do I have to state that my Discover Card was never entered on my PC? But just to ease your interest, yes, I have the pay version of MB.


You have yet to explain how a Discover card entered on an iPad that is only used on iTunes got hacked. My iPad is not jail broken.

May 6, 2014 4:02 PM in response to GaryQ

Maybe you were using a crap wi-fi network, over that wi-fi network entered your iTunes details into iTunes (meaning account name and password), and you were piggybacked. Maybe you use "personal hotspot" and it happened then; I can't be sure... Your info was stolen at that time and they simply signed in later to buy songs using your account. Your Discover was not hacked. Your iTunes password was used. You never had to reset to get back in to your account, correct? That means they used your password. That means that they had access to the network you used and took your info at that time; they logged your info at that time and took it, which can happen on an iPad. Just because you added the card a year earlier does not mean they got access then.


Later, your Discover was compromised, likely due to online banking, cloned by manual swipe (as mine was over Christmas). They tried at WalMart online and it was declined. The iTunes issue and Walmart issue are not a result of a compromised iTunes account. Your security code is not visible in any way in iTunes and in order to get it, someone has to be watching you at the time you key it in, which is why I keep talking about loggers. They exist for iOS as well. Monitoring apps that are running in the background when you type in your info can record and send those details to somewhere else (in older versions of iOS that has been proven, not sure about 7.1.1). Also, check out T.Flannery's comments here: https://discussions.apple.com/thread/3812507


If you really want to verify how it happened, Discover would need to tell you. They have the location origins of the transactions as well as the ability to trace the origin of the end user involved. They too have entire departments who seek that info. They can give you that info they find if you get a court order. They likely won't give it to you because you don't own the card, they do and they just let you use it is all. Once you get more info, you can cross check everything for similarities to see if it was the same source and really narrow down how, when and where this all started. Then you can get a new card and try not to let this happen again.


I am just trying to help people be realistic.

May 6, 2014 9:15 PM in response to TunesFan

Sorry but again not the case. I don't travel much with my iPad. If I do bring it along someplace it's just to play an offline jigsaw puzzle game that does not require an internet connection. I might attach to open wifi to play some Words with Friends. But I never ever enter data over an open wifi, I never bought an app on an open wifi. Any iTunes purchases (apps only, never bought songs or music) was done at home.


I do not do online banking with my Discover card except when the new card was issued about a year ago. I setup my account triggers and emails and that's the only time I was online with it. It's on autopay, I still get a paper statement and just review the paper when it comes in the mail. I never have to log into the account.


I can't seem to get it across to you that the CC number was entered once and only once. Even if they got my iTunes password how did they get my CC number? Apple only shows the last 4 digits.

May 7, 2014 8:19 AM in response to TunesFan

Sure, Discover might could tell them, or, far more efficiently, Apple could if they wanted to be accountable, but what they told me, and likely told this other guy, is that I would have to send a subpoena to the Apple legal department to get information on location origins. A funding source just gets a request from Apple. Apple has the information on where the transaction was originally requested. Wouldn't it make more sense for Apple to actually answer the question, versus dumping an extra burden on the consumer and the third party funding source? That's the entire problem. Apple is passing the buck.

May 7, 2014 8:52 AM in response to BlueSimone

From my last experience with Apple on my iTunes fraud issue, Apple was 100% unwilling to help at all. They locked my account and told me they don't support iTunes on the 800 number. I would have to open a web ticket. I was beyond ******. Discover had no issues working with me on the problem; in fact they even told me the iTunes problem is a very well known issue and it's nothing I did wrong. But when I got my new card I made extra sure to strengthen my password and security questions and only use the card on my iTunes account. End result: it did not help.


The web ticket with Apple was a disaster. Since my account was locked I could not login. I get an email from Apple telling me to login to my account and change the password! Well, how exactly do I do that with the account being locked? I responded to the web ticket explaining my issue and got another email telling me to change my password again. After a few back and forths with the web ticket system I called the 800 number and blasted them. The person on the phone said they have no access to iTunes accounts and that's why they cannot help. So she opened a web ticket for me, and guess what, she got the same stupid answer to change the password. She put me on hold, did something and guess what, my account was finally unlocked. So they do have access or can at least get to the right people who can actually understand the problem.


The whole situation soured my overall Apple experience. And until someone experiences the problem, they don't have a clue how bad Apple support is.


The really interesting issue this time is so far my Apple account has not been locked out. What was different this time? I am going to guess that my account was not breached, the hackers got the number from the iTunes server and sold the number. Apple has no clue here, just that charges were denied when buying something on iTunes. And that's been my point in my last few discussions with TunesFan: that the security problem is on the Apple server, not the client side.

Jul 6, 2014 5:54 AM in response to GaryQ

I was hacked by someone I think lives in Russia. They changed my title to Dr., changed the credit card information to a credit card that was declined, changed my zip code and then changed my phone number.


Now I cannot remove the fake credit card information because of the declined transactions. I have not even used my account since 2011 when I got rid of my iPhone. So not using it does not help one bit.


****** off on Sunday!
