iTunes store account hacked

I'm posting this just to share my story and get reactions. It's a little detailed but I thought worth sharing.

On November 23, 2010 I purchased a single song from the iTunes store for .99. I used store credit that I had from a gift card I received last year. It was the first purchase I had made since July 2010.

On November 25, 2010 I received a receipt for 2 more separate orders to my account. These were for over $50 in iPhone apps. Here's a sampling of some of the purchases:

1 eREAD isoshu, v1.5, Seller: ChengDu YueTong Internet Information Co. Ltd (17+)
2 Plants vs. Zombies, v1.3, Seller: PopCap Games, Inc. (iDP)
3 Monkey Island 2 Special Edition: LeChuck's Revenge, v1.1, Seller: Lucasfilm International Services Inc.
4 Asphalt 5, v1.2.6, Seller: Gameloft (9+)
5 Let's Golf!® 2, v1.0.1, Seller: Gameloft (4+)
6 Frames & FX for Photos, v2.5.1, Seller: Imikimi, LLC (12+)
7 Stenches: A Zombie Tale of Trenches, v1.0.1, Seller: Thunder Game Works (9+)

I do not have a credit card linked to my account, so these were made using my store credit.

I have only 1 computer authorized for my account (my personal home computer). I live alone and no one else touches my Powerbook but me. I also DO NOT own an iPhone, so I would have no interest in apps.

After I saw these bizarre purchases, I checked my account. I noticed 2 strange things: My account information had changed: My street address was correct, but city, state and zip had changed to: Towson, MD 21286-7840. I have never lived in Maryland. Also, I noticed that my password recovery answer had changed to "Murray" in response to a question about my mother's maiden name. That's decidedly NOT my mother's maiden name. Also, my birthdate had changed to an incorrect month and day.

I immediately changed my password and my recovery question/answer challenge.

I reported problems on all of these purchases and also contacted iTunes Account Support by e-mail.

Within 24 hours I received an e-mail from "Vicki" at iTunes Customer Support. She wrote:

"When reviewing over your account "name@domain.net" and the two reported orders, it shows that the content purchased within them was acquired from the computer that is currently authorized for your iTunes account. So I strongly advise that you do consult with those in your household regarding the purchases made, and the charges that resulted from those purchases."

Further:

"I have gone and reversed the charges for the two orders....You will see a store credit in three to five business days....Please note that this is a one-time exception, as the iTunes Store Terms and Conditions state that all sales are final."

I am pleased that Apple is refunding my store credit and replied so quickly.

However, it is simply impossible that these purchases were made from my computer. Again, my Powerbook is the only computer I have ever authorized to access my account, and I am the only person with access to it.

I am not sure how this happened. Any thoughts or similar experiences?

Powerbook G4, Mac OS X (10.5.8)

Posted on Nov 28, 2010 3:43 PM

1,958 replies

May 10, 2011 10:30 AM in response to MomawNadon78

For my troubles and requests for a supervisor or someone more knowledgeable about security issues, I received an email this morning with another admonition to change my password and security question, even after doing it 3 times now and explaining that in each email, as well as receiving a placating 'here are 5 free song purchases' for your troubles - all from the same 'support' contact.


This entire exchange is now just plain insulting. I hope no one else gets hit with this kind of attack, that Apple will actually acknowledge that there is a glaring hole in their security and fix the problem, but I don't see either of those happening. All I can say is good luck to the rest of you who have already dealt with this problem, and to the numerous people who are going to be finding this thread in the upcoming weeks.

May 10, 2011 10:57 AM in response to lpdrennan

I had the exact same problem today. Hacked my account and stole $19.99 from my iTunes account balance. The "receipt" was from "帝國 Online, 23400銀幣禮包, Seller: GAMEISLIVE CORPORATION LIMITED".

I am amazed that this problem continues given the reports on this thread. How was your situation resolved with Apple/iTunes? Thanks

May 10, 2011 12:24 PM in response to MomawNadon78

MomawNadon78; your experience with Apple's 'support' is EXACTLY like mine, which tells me they aren't helpful, they are merely talking heads with a pretty sloppy Apple response script to follow.

I also never got to go up the chain of command; in fact my multiple requests for a supervisor or dept. head were completely ignored.


Responding to you and me with nothing but "you need to change your password again" is wholly illogical and irrelevant, and is obviously not 'supportive' or providing any solution at all. Like you, I had changed all the security functions and features multiple times, and like you and the rest of the people using the iTunes store this will do absolutely nothing to prevent a breach of this kind in the future. I've always used massively complex and intricate passwords; Apple dares to accuse me of sloppy security tactics. My security questions and passwords were NOT the problem, nor was my location/computer... which was non-functional and offline for the days this occurred. This occurred INSIDE the net without my consent or knowledge INSIDE Apple's database and purchase control systems and had NOTHING to do with any actions taken on my end: Apple's fault.




Mastercard has told me my card does not appear to be compromised thus far, over a month after filing a complaint against Apple's practices with them. They are concluding it is someone who can get IN the Apple system and USE the credit/debit access on the inside... without actually having access to the pin or password. I didn't understand Mastercard completely but it sounds almost like whoever this group is has found a way of 'switching on' a purchase function and having the fee covertly applied against the accounts on iTunes store, without really having the actual PIN number and password being compromised. Basically the same way Apple can 'flip a switch' and reverse a purchase, download or access it sounds like.


Meaning: if they actually knew my MC data they would have hastily max'd out the card by now OUTSIDE of the Apple Stores... (makes sense as Apple doesn't store the last 4 digits of a CC, so pretty impossible to 'guess' so accurately unless they can linger 'on the inside' with a cpu crunching through trying the 9999 possible combinations of those last digits to make this all work). They didn't pilfer those last digits from my locked down Mac, trust me. Nor did they fly over here and go through my garbage cans to reverse engineer the regularly burnt up CC statements or slips, nor do I believe they are sniffing every one of our connections. Not even all of China is that good.


Also meaning: at least in my case it appears isolated to Apple's system, and as long as I have removed my card information and chosen "None" in the purchase info. section of my profile, I should continue to be ok.


Which also means if Apple continues to openly blame users or their passwords, this problem will never be dealt with and there will continue to be fraud and theft taking place.


I'm amazed this problem continues right to this day. Give Google a search for 'hacked iTunes' and see how many years this problem goes back. Apple archives threads of this topic pretty quickly, so searching in the forum won't reveal the best open, continuing threads about the matter. I'm sure the fanboy will have something to say about all that, but he's disregarded in my books.


It looks like Apple's response is always the same, just as the script response was read to you and me.


Apple failed to protect me, and its 'response' of non-solution means I cannot trust them with the new credit card they insist I use in place of the one they fouled in the first place. I will not be chasing stolen money with good, to mangle a phrase.


<Edited by Host>

May 10, 2011 12:25 PM in response to Brad Schurman

Brad Schurman wrote:


thebytedoc: "Chris, You seem to be a bright sort, and obviously doing this for a long time (level 9)."


...

Brad, you are correct, but this is my way of being gracious...even if it is not warranted. Try not to throw too many stones, as at some point they will come right back and hit me. Additionally, if I want my message to be read, it is best not to shut down my intended audience in the first sentence.

May 10, 2011 2:34 PM in response to Chris CA

Chris CA wrote:


Customer support is simply that. They (likely) don't know why or how your account was compromised.

If you purchased a product from Sears or Walmart, would you take it back and demand the person selling it to you tell you WHY the widget failed?

Apple is not a retailer like Sears or Walmart. As a company, Apple goes to great lengths controlling hardware, OS, and software from end-to-end of the distribution channel. The products involved in this problem are all sole-sourced from Apple (iTunes, iPad, iPhone, iTouch, iTunes Gift Cards). Apple has a responsibility to both their customers and shareholders to get this resolved. Telling customers to quit complaining just means the issue has probably not gotten the attention of someone high enough up in the company to get a real resolution.


The people voicing their concerns here are trying to get the right person to notice before it becomes a bigger PR problem for Apple.

May 10, 2011 4:29 PM in response to arcane93

Same exact thing happened to me...not sure how it happened because my password is secure and I am very cautious about how I go about my iTunes purchases, etc... I don't have a credit card on file, I use gift cards and received an email that I had purchased this:


Brotherhood: Ultimate Guide, v1.0, Seller: gao jing - $1.99

Cheats Guide for Black Ops, v1.0, Seller: gao jing - $0.99


both are SoftStar applications.


I contacted Apple about it and they refunded the purchase, but never mentioned that it has been happening to others too...sounds fishy to me.

May 11, 2011 3:37 AM in response to dogcutter

Just noticed this happened to me a couple days ago too, exactly as said by everyone else. Kamagames poker, never downloaded a game by them, $22.98 drained. I had put a gift card that I got from my Barclay iTunes card on a couple days before. Never had a hack happen before or since. Random password of numbers and characters. Changed it already, but it also had my city as somewhere else. I rarely purchase things, but I tried to get something at $.99 and it told me I didn't have enough, I only had $.98, so I checked my purchase history.


I'm boggled why they don't just ditch Kamagames out of the store, and ban everything they do. They clearly are part of it. I'm also thinking the gift cards are somehow "tainted" too, as so many have just used them before being hacked.

May 15, 2011 10:18 AM in response to tfangel

Same thing happened to me on May 12/13.


I redeemed £70 of iTunes gift cards last weekend, didn't spend any then but logged on today to see my account drained and Poker apps purchased along with loads of in-app chip purchases.


I changed my Apple ID password and reported it. My concern is this could be related to the recent PS3/PSN network hack - I used the same credentials (dumb I know) and forgot to change my Apple ID password. Anyone else think the same or is it some other vulnerability?

May 15, 2011 12:08 PM in response to tanny_man

tanny_man wrote:

My concern is this could be related to the recent PS3/PSN network hack - I used the same credentials (dumb I know) and forgot to change my Apple ID password. Anyone else think the same or is it some other vulnerability?

It's simply a coincidence.

I don't see how it could be related unless your AppleID is the same as something in your PS3/PSN network and they also knew you had an iTunes account with a balance.

They wouldn't simply start searching the PS3 info then seeing if they can get into an iTunes account with the same info.

May 16, 2011 9:06 AM in response to stereocourier

Similar issues. Topped up with £15, made a purchase or two, then next time I launched iTunes I spotted Kingdom Conquest was automatically downloading and store credit wiped. Checked history and it was in-app purchases. Odd thing is that my bank details were already removed from my account. Also noticed there's an extra computer now authorised to my account. Major confidence dropped with Apple. Simple search in Google shows the scale of this issue.

May 16, 2011 9:25 AM in response to rossjames

Sorry, forgot to mention I've submitted an online request to investigate it. My password isn't the easiest nor my secret questions. Also really anal with antivirus and firewalls! Something is getting through the loop.


Why did they only spend the value of my store credit? How did my bank card details remove themselves from my account..


Do Apple have to deauthorise all of the computers against my account? I know how to do it on the particular device.. But I don't have access to the hacker's computer to deauthorise them!

May 16, 2011 11:14 AM in response to rossjames

My account got hacked a few days ago too:

Texas Poker, 500k chips, Seller: KAMAGAMES LTD $9.99


I only use gift cards, last time was back in Feb of this year. Customer care issued a credit refund instead of refunding my credit card. I replied asking them to refund to my cc. If they don't I'll call my cc company to do the refund and then close my iTunes account.
