iTunes store account hacked

I'm posting this just to share my story and get reactions. It's a little detailed but I thought worth sharing.

On November 23, 2010 I purchased a single song from the iTunes store for .99. I used store credit that I had from a gift card I received last year. It was the first purchase I had made since July 2010.

On November 25, 2010 I received a receipt for 2 more separate orders to my account. These were for over $50 in iPhone apps. Here's a sampling of some of the purchases:

1 eREAD isoshu, v1.5, Seller: ChengDu YueTong Internet Information Co. Ltd (17+)
2 Plants vs. Zombies, v1.3, Seller: PopCap Games, Inc. (iDP)
3 Monkey Island 2 Special Edition: LeChuck's Revenge, v1.1, Seller: Lucasfilm International Services Inc.
4 Asphalt 5, v1.2.6, Seller: Gameloft (9+)
5 Let's Golf!® 2, v1.0.1, Seller: Gameloft (4+)
6 Frames & FX for Photos, v2.5.1, Seller: Imikimi, LLC (12+)
7 Stenches: A Zombie Tale of Trenches, v1.0.1, Seller: Thunder Game Works (9+)

I do not have a credit card linked to my account, so these were made using my store credit.

I have only 1 computer authorized for my account (my personal home computer). I live alone and no one else touches my Powerbook but me. I also DO NOT own an iPhone, so I would have no interest in apps.

After I saw these bizarre purchases, I checked my account. I noticed 2 strange things: My account information had changed: My street address was correct, but city, state and zip had changed to: Towson, MD 21286-7840. I have never lived in Maryland. Also, I noticed that my password recovery answer had changed to "Murray" in response to a question about my mother's maiden name. That's decidedly NOT my mother's maiden name. Also, my birthdate had changed to an incorrect month and day.

I immediately changed my password and my recovery question/answer challenge.

I reported problems on all of these purchases and also contacted iTunes Account Support by e-mail.

Within 24 hours I received an e-mail from "Vicki" at iTunes Customer Support. She wrote:

"When reviewing over your account "name@domain.net" and the two reported orders, it shows that the content purchased within them was acquired from the computer that is currently authorized for your iTunes account. So I strongly advise that you do consult with those in your household regarding the purchases made, and the charges that resulted from those purchases."

Further:

"I have gone and reversed the charges for the two orders....You will see a store credit in three to five business days....Please note that this is a one-time exception, as the iTunes Store Terms and Conditions state that all sales are final."

I am pleased that Apple is refunding my store credit and replied so quickly.

However, it is simply impossible that these purchases were made from my computer. Again, my Powerbook is the only computer I have ever authorized to access my account, and I am the only person with access to it.

I am not sure how this happened. Any thoughts or similar experiences?

Powerbook G4, Mac OS X (10.5.8)

Posted on Nov 28, 2010 3:43 PM

1,958 replies

May 6, 2011 1:48 PM in response to stereocourier

My wife and I had our iTunes gift card credits stolen this week by KamaGames, LTD Texas Hold'em Poker in-app purchases. 2 purchases to wipe out $22.98 in iTunes credit. The app had not been installed on any of our devices or our computers, yet it said we had made in-app purchases. From the number of postings here, obviously, Apple has a big problem with either account security, in-app purchase fraud, or both.


Denying that a problem exists will not help get it resolved.


We would have changed our passwords sooner, if Apple had notified customers that thousands of accounts had been compromised last year and were on sale in China. http://www.modernb2b.com/fraudulent-apple-itunes-accounts-for-sale-in-china/342180/

May 6, 2011 4:52 PM in response to michael from colorado

Michael from Colorado, that was the same purchase used to drain my iTunes card this last go round. I am doubtful it is KamaGames doing the theft, but rather the thieves playing games. Apple did give me my funds back after I pointed a few things out to them.


Chris CA - you are being sarcastic right? Sorry, I cannot tell for sure.


Apple's first line of defense is to blame the customer for mishandling their account by sharing it or having weak passwords and security questions and then sending out lame advice on how to protect ourselves. My experience is that you have to push back and fight for your dollars back. As a reasonably technical person I am pretty certain they can tell that the purchase is not being made from or downloaded to the authorized devices (IPs) on my account.


Of course the problem is compounded by the fact that there are people trying to scam Apple so they cannot just take everyone at their word; after all, if everyone were honest we would not have a problem to start with.

It's not an easy problem to fix, but this is Apple's business and I feel they need to put a lot more effort into resolving it based on the length of time it has been going on.

May 6, 2011 5:25 PM in response to CDOphx

"Chris CA - you are being sarcastic right?"


Not at all. I've never seen anything from Apple stating that there was NOT a problem.

Just the opposite.


"As a reasonably technical person I am pretty certain they can tell that the purchase is not being made from or downloaded to the authorized devices (IP's) on my account"


But the device they are downloading to IS authorized, else they would not be able to download.

However it happened, they got the password to the account and authorized their device.

Yes, it is an issue that Apple needs to get a handle on and I'm fairly confident that they are looking into how to fix it/make it better.

They have already taken some measures in that users have to verify their account more often.


Regardless of what Apple does, there will ALWAYS be some users who make the problem themselves as the weakest part of any security is human interaction.

May 6, 2011 7:41 PM in response to Chris CA

True, Apple isn't denying the problem but sure as **** isn't acknowledging it. I got the same treatment in that my password was hacked. F that. I was using lower & upper case, numbers, and a symbol. I never use public wifi so this is all bull. Took them 11 days to even re-enable my account after several e-mails. And STILL NO REFUND ALMOST 30 days later. Seems like they're encouraging these low life hackers. Just got a survey to fill out. Wonder if they'll get good grades/comments from me???

May 7, 2011 5:48 AM in response to michael from colorado

I've just had all the credit from 2 Gift Cards cleaned out of my iTunes account. I redeemed £30 last weekend, and got an email yesterday informing me of the purchase of Texas Hold'em Poker 500k chips. I checked my purchase history and the Texas Hold'em Poker app had been purchased on my account, followed by 2 related purchases of 1.5M chips and 500K chips. These were nothing to do with me.


What alarms me is that my account has clearly been compromised, and furthermore it must have been getting scanned for available balance for the new balance to be cleared out so quickly by the hackers.


This is clearly not an isolated or new issue...

- Why has Apple done nothing about it... if they can't fix it then they should at least warn their customers?

- Why are the companies responsible for these Apps still allowed to sell on iTunes?


It smacks of complete disregard for customers from Apple...


I am now seriously concerned about the overall security of the whole Apple set-up. I have an encrypted password store app on my phone in which I keep passwords for things like online banking...


How has this prolonged security vulnerability stayed out of the media for so long!?!?

May 8, 2011 1:45 PM in response to tomfromreigate

I've just had all the credit from 2 Gift Cards cleaned out of my iTunes account. I redeemed £30 last weekend, and got an email yesterday informing me of the purchase of Texas Hold'em Poker 500k chips. I checked my purchase history and the Texas Hold'em Poker app had been purchased on my account, followed by 2 related purchases of 1.5M chips and 500K chips. These were nothing to do with me.

Apple refunded my £30. So appreciate that... although my account has been disabled so I can't spend it until I've provided them more info and they do some more "investigation".


No concrete answers to security concerns. No info on whether this is a known issue and whether just changing my iTunes password is adequate action to stop it happening again.


So don't suppose I'll be using iTunes any more... but that's not much of an option since I've got an iPhone & iPad...

May 8, 2011 11:36 PM in response to tomfromreigate

I've got hit also. Someone bought a Texas Holdem Poker 1.5M chips off the remaining prepay credit on my iTunes account... I quickly lodged a report to Apple and changed my password. I hope I get a refund quickly. Not very happy that this happened. I'm very careful about my usernames and passwords, but hey this stuff does happen ...


Strange thing is that I didn't get an email notification about this hacked purchase... Do in-app purchases generate email notifications?

May 9, 2011 6:42 AM in response to trailbossc

I was also hacked shortly after entering a gift card. They drained my whole gift card and I am fighting to have the credit returned to my account. Despite what some people say in these discussions, Apple has a problem and it IS Apple's problem. I change my password every 3 months and I use the longest password I can, with numbers, symbols, lowercase, uppercase and I have never been hacked in the 20 years that I have been online, until now.


I am going to look into Amazon for music downloads from now on and I won't be buying any iTunes gift cards either!

May 9, 2011 12:28 PM in response to Community User

Hi Ageless Nana:


Great response... and I bet they totally ignored it, didn't they?


My responses to Chandra, Injit and a host of many other overseas 'customer support persons' were dealt with worse than someone with English as a Second Language; they were dealt with in the same cold, robot disinterest everyone else got AND with the impression they felt happily safe being 'over there' where anger cannot touch them.


Apple doesn't seem to give a rip, and they don't think twice about accusing every one of us for 'being the problem to our own problem', as you pointed out. Hugely offensive on Apple's part to allow this pathetic kind of scripted customer service response to be used. It is also of note to point out the shallow training they are giving their people now... also noted when I went into the Apple store and found I knew a great deal more things than the 'Geniuses' should have known but didn't (I was an Apple Product Professional before the stores came to our country; I've watched the decline in quality of trained personnel).


I got the 'this is a one time only refund' yadda yadda thing too... which I waited until AFTER the refund was assuredly back on my Mastercard for me to say 'fine, this is my one time only trusting in Apple to keep my data safe then, and never again. Good luck with customer appreciation because you just lost mine'.


I thought using the Apple-Only gift card approach (small denomination) would be the solution, because there is no possible way for that to be used outside of the iTunes Store personal account. Wrong. Clearly Apple accuses those hacked gift card users as being a problem too, given the hundreds of retellings I've read here.


I have asked Mastercard to give serious consideration about continuing to let its client base be so repeatedly and severely accused by Apple of fraud (I am quoting Injit verbatim for what supposedly occurred right from my personal computer... he as an Apple rep. threw the word 'fraud' back at me from the very start, being I am the only one living here and the only one to access my computer that he assures me is the purchase source location).


That is tantamount to calling me the fraudster when Apple has clearly eliminated every other possibility.


Mastercard's response was that there appears to be no apparent compromise of the card and nothing being noted as untoward, so it must be an isolated Apple account issue where the data can only be abused within the confines of their system, NOT used outside the system to purchase non-Apple related items. We will see in time.


This was a relief to hear from Mastercard. It also put double the amount of bitterness towards Apple.


Given the payment option check box of 'none' in the personal account information window (which I am now using), I am thinking the only other possible way to make use of this 'service' is to activate it briefly, each and every time, to make a purchase followed immediately by logging in right afterwards to clear away any credit/debit card data?


Apple has given the world absolutely no 'solutions' to the matter; maybe that is one way to keep buying the music or apps one wishes. After being so thoroughly burned, I'm not wanting to be the first one to try this 'on then off' data input approach, however.

May 9, 2011 2:20 PM in response to MomawNadon78

Ah, nothing like beating your head against the wall. Here is my latest reply from my lovely support contact:



I apologize for any inconvenience this may have caused you. However, you can reset the password in the iforgot link either by answering to the security questions or by sending the password to your email ID.


Please make sure that you are not using the same passwords which was used before in your iTunes Store account.


Yea. Wonderful. Here's my reply, let me see if I can get anything answered from it.


Where have I been unclear that both my password and security question have been changed? I have stated it repeatedly that I have changed them. I don't know how much more clear I can be. The security issue that is at question here is how the account was breached to begin with, as neither my password nor question were compromised from my end, the 4 computers that I had authorized were not compromised, and I have never shared that info with anyone. I have not had any response coming from you regarding that issue.


If I am only going to receive this kind of so called help from you, I feel I need to be in contact with someone who is more knowledgeable about security issues instead of someone who only tells me that I need to change my password over and over again, as I am clearly in contact with someone who does not know what they are doing.


May 9, 2011 4:39 PM in response to MomawNadon78

My latest response from support is as follows:


I have checked your account and found that the password was not reseted properly, however, I have reset your iTunes Store account password for you.


Your account name: blahblahblah

Your new password: blahblahblah


NOTE: Please copy and paste the above account ID and password in order to avoid any errors.


To increase the security of your account, please choose a password that nobody else knows and that you don't currently use for any other online account. The password should have both letters and numbers and be at least eight characters in length.


You can change your Apple ID and password at the My Apple ID site:



This has grown beyond ridiculous. I'm pretty much done with Apple, iTunes, and my iPhone. Time to switch to Verizon and get a Droid.

May 9, 2011 6:37 PM in response to Chris CA

It's true that most customer support is basically useless, but MomawNadon had provided detailed information about the issue. The rep should have passed it on to a department that could help in that situation and not keep spitting back garbage. If I bought something from Walmart or Sears and had my account breached due to their inept security, I'd sure as heck demand an answer as to why. It's not that their product itself failed, just their security.


These boards are meant to ask questions and voice concerns, not to display fanboyism.


Good luck MomawNadon!

May 10, 2011 6:39 AM in response to Chris CA

Chris CA wrote:


Customer support is simply that. They (likely) don't know why or how your account was compromised.

If you purchased a product from Sears or Walmart, would you take it back and demand the person selling it to you tell you WHY the widget failed?

Chris, you seem to be a bright sort, and obviously doing this for a long time (level 9). However, I would submit that Apple is providing not only a product (iPhone, iPad, etc.) but also a service (iTunes, App Store, etc...). I for one absolutely love the products (3 iPhones, 4 iPod Touches, 1 iPad in our Family), it is the services that I find lacking. I believe Apple really needs to learn to take responsibility where appropriate. This security issue is so pervasive that it must be a breach of Apple's Security. They need to Acknowledge the Problem to each customer that has an issue and it would seem to be MUST more aggressive in solving the issue.

Just as another example of what I am concerned with - the famed 'Antenna Gate'. I believe right from the start Steve should have come on and said "We missed an issue with the antenna in the iPhone 4. We will make it right, in the meantime all folks that have purchased the iPhone 4 prior to this date we will provide you a cover to mitigate that issue." But instead, we got "it's just the software signal indicator that is wrong" and then we were schooled on how to hold the phone so it did not attenuate the signal so much, and of course the "suggestion" to BUY one of their cases. That is not taking responsibility in my book.

Just one guy's perspective 😉. R/Doc
