iTunes store account hacked

I'm posting this just to share my story and get reactions. It's a little detailed but I thought worth sharing.

On November 23, 2010 I purchased a single song from the iTunes store for .99. I used store credit that I had from a gift card I received last year. It was the first purchase I had made since July 2010.

On November 25, 2010 I received a receipt for 2 more separate orders to my account. These were for over $50 in iPhone apps. Here's a sampling of some of the purchases:

1 eREAD isoshu, v1.5, Seller: ChengDu YueTong Internet Information Co. Ltd (17+)
2 Plants vs. Zombies, v1.3, Seller: PopCap Games, Inc. (iDP)
3 Monkey Island 2 Special Edition: LeChuck's Revenge, v1.1, Seller: Lucasfilm International Services Inc.
4 Asphalt 5, v1.2.6, Seller: Gameloft (9+)
5 Let's Golf!® 2, v1.0.1, Seller: Gameloft (4+)
6 Frames & FX for Photos, v2.5.1, Seller: Imikimi, LLC (12+)
7 Stenches: A Zombie Tale of Trenches, v1.0.1, Seller: Thunder Game Works (9+)

I do not have a credit card linked to my account, so these were made using my store credit.

I have only 1 computer authorized for my account (my personal home computer). I live alone and no one else touches my Powerbook but me. I also DO NOT own an iPhone, so I would have no interest in apps.

After I saw these bizarre purchases, I checked my account. I noticed 2 strange things: My account information had changed: My street address was correct, but city, state and zip had changed to: Towson, MD 21286-7840. I have never lived in Maryland. Also, I noticed that my password recovery answer had changed to "Murray" in response to a question about my mother's maiden name. That's decidedly NOT my mother's maiden name. Also, my birthdate had changed to an incorrect month and day.

I immediately changed my password and my recovery question/answer challenge.

I reported problems on all of these purchases and also contacted iTunes Account Support by e-mail.

Within 24 hours I received an e-mail from "Vicki" at iTunes Customer Support. She wrote:

"When reviewing over your account "name@domain.net" and the two reported orders, it shows that the content purchased within them was acquired from the computer that is currently authorized for your iTunes account. So I strongly advise that you do consult with those in your household regarding the purchases made, and the charges that resulted from those purchases."

Further:

"I have gone and reversed the charges for the two orders....You will see a store credit in three to five business days....Please note that this is a one-time exception, as the iTunes Store Terms and Conditions state that all sales are final."

I am pleased that Apple is refunding my store credit and replied so quickly.

However, it is simply impossible that these purchases were made from my computer. Again, my Powerbook is the only computer I have ever authorized to access my account, and I am the only person with access to it.

I am not sure how this happened. Any thoughts or similar experiences?

Powerbook G4, Mac OS X (10.5.8)

Posted on Nov 28, 2010 3:43 PM

1,958 replies

Apr 27, 2011 12:09 PM in response to MrHughes

You're doing all you can and going about it in the right way MrHughes. They finally re-enabled my account after 11 days, but still no refund of my stolen gift card and that's now 17 days and counting. I'm writing it off as a lost cause since iTunes support is almost useless with their laissez-faire attitude in this hacking debacle. Still amazed it's not in the news, but I guess money still talks...

Apr 27, 2011 1:40 PM in response to MrHughes

MrHughes wrote:


On your receipt you can click on the "report a problem" link and report it. I have been waiting for three days with nothing more than a "we got your e-mail" e-mail.

If it is more than 48 hours, respond to the email and restate your problem.

I have been telling all my friends to change their passwords and remove their credit card info from iTunes.

If you had a credit card charged, you should contact your CC company and dispute the charges.

Also, make sure you change your security questions for your AppleID here -> Apple - My AppleID

Apr 27, 2011 4:06 PM in response to tuesday_

I just wanted to follow up and say that the service that I've received from Apple support has been fantastic. I had a response within 48 hours (and on a public holiday) and that my account was reset and refund processed within 24 hours.


I'm sorry to hear that some people have received poor service from Apple but that hasn't been my experience at all.

Apr 29, 2011 6:00 AM in response to tuesday_

I got hit today with this issue (for some poker game I never downloaded, purchased chips worth all but $0.18 from an iTunes gift card I added to my account). I used my MacBook to add the gift card, not a mobile device.


My request to technical support went through within an hour, and they deauthorized all computers from being able to use the account, and are giving me a refund for the amount lost. So, I am pretty happy with the response. Now to just figure out how this happened in the first place.

Apr 29, 2011 11:59 AM in response to funwakinmade

I got a bill for $43.99 for in-game purchases on KingdomConquest. I never downloaded this application before. After receiving this bill I logged into iTunes to download my latest podcasts; it downloaded KingdomConquest and put it on my iPhone when I synced, but that happened after I got the bill saying I purchased in-game stuff.


I had a 50$ gift card on my iTunes account. That seems to be the common denominator. There seem to be a lot of people on this thread that got billed from KingdomConquest and had a balance on their iTunes account from gift cards.

Apr 29, 2011 8:33 PM in response to stereocourier

Just got hacked as well. $20 for an app called Lian Wo from the developer KANGBIN. When I first contacted them they tried telling me how to download it, but after a second email they refunded me and disabled my account. Now I've changed my password and security question and have sent an email back to them to reactivate it, so hopefully I'm all good now. This is an ongoing problem that Apple really needs to look into and fix.

Lianwo, v1.0, Seller: KANG BIN

May 1, 2011 2:48 PM in response to eric.h.210

Same thing happened to me. There was an unauthorized purchase for Kamagames Texas Poker game which I did not even know existed.


Apple replied very quickly and refunded my money, but it is very scary that their system is so easily compromised.


My computer has been thoroughly checked and it was definitely not on my end. Thank God I never put a credit card on my account and all they did was clean out my store credit from iTunes cards.


Apple needs to get a handle on this ASAP.

May 1, 2011 6:33 PM in response to stereocourier

This just happened to me, account changed to Towson, MD and my balance wiped out. My wife was actually about to purchase an iPad 2 this week, but I told her to hold off until I get this resolved. I won't spend more money on their products while they have these issues. I haven't even made any purchases for a while on my account other than a couple of free movie trailer downloads.

May 2, 2011 10:29 AM in response to paw9000

Apple refunded the 50$ gift card's worth back to my account; it took about 36ish hours, but now my account is locked so I can't buy things with it. It sounds like that might eventually get fixed, but it's not clear when. Reading over the other posts here, they removed the credit card from my account too, and also changed my town to Towson, MD. I ran full virus scans on both my home machine and my work computer and didn't find anything.


What I'm trying to figure out is how someone could make an in-game purchase using my account and then have that benefit them for their account somehow? Maybe there is some exploit in these programs that people are taking advantage of that lets them get around the fact that they are using someone else's account to buy this stuff?


What I'd like to see come out of this is some sort of optional additional security measure we could set on our accounts to help prevent this. For example, make it so purchases can only be made from an iPhone whose network MAC address matches one on file for the account. Or, if making a purchase from a computer, the iPhone has to be physically connected to the machine for the purchase to be valid.

May 2, 2011 11:26 PM in response to paw9000

The simple reason on how they profit from it is because it's the developers or a group of people including the developer who hack the accounts, buy their own apps and make money. Problem is there is no proof, I guess.

On your last point, they could include a feature like the opt-in setting on Facebook where you receive an email when you get logged into a new device or computer and options to block those and change your password.

May 5, 2011 2:38 PM in response to paw9000

This same thing happened to me on May 4. Opening iTunes showed Texas Poker beginning to download, and since I knew I had never even looked at the store page of the app, something was fishy. I checked my account, found the purchase order for the free game and 2 in-game app purchases. Then I found my billing info had been changed to Cockeysville, MD. I immediately changed my password and security question, then emailed Apple.


I poked around the internets and found this thread with some others, though this thread is the best example. We all have gift cards in common. Our passwords or security questions weren't compromised, yet an unauthorized person was able to change our info and drain our accounts. How?


Upon receiving a reply from Apple, I had the standard form of repeating my info, purchases, etc with the standard change your password script, as well as my account had been disabled (I have no issue with that). In my reply, I gave specific information regarding my account, steps I took to find a problem on my end (two scans to determine if a keylogger/trojan/malware/etc; none found), checked which computers had been authorized and detailed it (2 are in use, 2 are in safe storage), and that I had also changed the password/security question.


The latest response? My account has been re-enabled, all computers are deauthorized, change your password/security question... again, re-authorize your current computer. Nothing regarding the actual security issue. I won't be tying any cards to iTunes nor purchasing anything from iTunes if this kind of security loophole/breach is not fixed. This kind of attack has been going on for at least 6 months, as attested by the start of this thread, and it is still being used? How? Why has this not been solved by Apple? How was my account info edited without it being an authorized computer? How was my security question answered by someone who did not know what the possible answer was - as I had written my own question and answer instead of using a standard one given by Apple - to be able to bypass a password?


If I get those kinds of answers from my support bot, then I will share them here.

May 6, 2011 9:38 AM in response to stereocourier

I am replying to formally log a similar issue since Apple is in denial that they have a security problem.


This is the 2nd time this year my account has been hacked and my iTunes balance drained. Same MO as most of you with address changed to Townsend MD. I am a technically literate adult with 2 authorized machines in my home that are well secured with TrendMicro Security and LinkSys Modem Firewalls. My computers never leave my home and my iPod rarely does. Nobody could guess my password or security question. I deleted my credit card info from this account after the first time.


I rarely travel so is it a coincidence that the two theft incidences occurred shortly after I traveled and used hotel free wireless connections? Or is it that both times I also updated all of my Apps? Is there spyware on my iPod that is giving away my information? How can I even check for that?


I was able to get my iTunes balances restored by Apple after referring to message boards such as this (19 pages and counting - so thanks everyone for taking time to log the problems) to demonstrate this is a known problem. I was about to purchase 4 iPhones, but not sure I want more of my life and privacy tied to one of their devices when these problems exist.


Dear Apple: Stop glossing over the problem. Acknowledge you have security holes and get them fixed! Until then, no iPhones for this family.

May 6, 2011 12:15 PM in response to MomawNadon78

Yup, the security issues were ignored. The only 'advice' I got in this last email from Apple support is this:




...after your account was enabled, you must reset its password. I recommend that you reset the password in the follow iforgot link:


http://iforgot.apple.com


Thank you for choosing the iTunes Store as your source of entertainment. We truly appreciate your interest in the iTunes Store. Have a good day!



Yea, I won't be purchasing anything from iTunes for a long long time.
