
iTunes store account hacked

I'm posting this just to share my story and get reactions. It's a little detailed but I thought worth sharing.

On November 23, 2010 I purchased a single song from the iTunes store for .99. I used store credit that I had from a gift card I received last year. It was the first purchase I had made since July 2010.

On November 25, 2010 I received a receipt for 2 more separate orders to my account. These were for over $50 in iPhone apps. Here's a sampling of some of the purchases:

1 eREAD isoshu, v1.5, Seller: ChengDu YueTong Internet Information Co. Ltd (17+)
2 Plants vs. Zombies, v1.3, Seller: PopCap Games, Inc. (iDP)
3 Monkey Island 2 Special Edition: LeChuck's Revenge, v1.1, Seller: Lucasfilm International Services Inc.
4 Asphalt 5, v1.2.6, Seller: Gameloft (9+)
5 Let's Golf!® 2, v1.0.1, Seller: Gameloft (4+)
6 Frames & FX for Photos, v2.5.1, Seller: Imikimi, LLC (12+)
7 Stenches: A Zombie Tale of Trenches, v1.0.1, Seller: Thunder Game Works (9+)

I do not have a credit card linked to my account, so these were made using my store credit.

I have only 1 computer authorized for my account (my personal home computer). I live alone and no one else touches my Powerbook but me. I also DO NOT own an iPhone, so I would have no interest in apps.

After I saw these bizarre purchases, I checked my account. I noticed 2 strange things: My account information had changed: My street address was correct, but city, state and zip had changed to: Towson, MD 21286-7840. I have never lived in Maryland. Also, I noticed that my password recovery answer had changed to "Murray" in response to a question about my mother's maiden name. That's decidedly NOT my mother's maiden name. Also, my birthdate had changed to an incorrect month and day.

I immediately changed my password and my recovery question/answer challenge.

I reported problems on all of these purchases and also contacted iTunes Account Support by e-mail.

Within 24 hours I received an e-mail from "Vicki" at iTunes Customer Support. She wrote:

"When reviewing over your account "name@domain.net" and the two reported orders, it shows that the content purchased within them was acquired from the computer that is currently authorized for your iTunes account. So I strongly advise that you do consult with those in your household regarding the purchases made, and the charges that resulted from those purchases."

Further:

"I have gone and reversed the charges for the two orders....You will see a store credit in three to five business days....Please note that this is a one-time exception, as the iTunes Store Terms and Conditions state that all sales are final."

I am pleased that Apple is refunding my store credit and replied so quickly.

However, it is simply impossible that these purchases were made from my computer. Again, my Powerbook is the only computer I have ever authorized to access my account, and I am the only person with access to it.

I am not sure how this happened. Any thoughts or similar experiences?

Powerbook G4, Mac OS X (10.5.8)

Posted on Nov 28, 2010 3:43 PM

1,958 replies

May 20, 2011 6:02 AM in response to stereocourier

I, too, was hacked over the last few days. I had a little over $100 in iTunes Gift Cards in my account. Yesterday, when I went to buy a 14.99 app it said I didn't have any money in my account. I thought that strange but even stranger was that my credit card info was no longer in my account. Then I found the email from earlier in the day for 99.99 of iMobster Favor points! Since I'm the only person that uses my iDevices this is clearly a hack!


I've sent the email to the iTunes team and am now waiting. In the meantime, I had added my credit card info back into the account before realizing what happened. Have since removed credit card info and changed my password. I am also very careful about iTunes authorizations on my 3 computers and noticed I suddenly have 4 computers in my account. I found an old PC and authorized that computer so I could deauthorize all 5 including the hackers account.


Not sure I should submit another message to iTunes or wait until I hear now that I have more details!


What is happening?

May 20, 2011 10:19 AM in response to bluemc

bluemc wrote:


The problem is you can't deauthorize a computer on your account, even if it was done without your permission, until you have at least five computers authorized. You just authorize several more, until you hit five. That's where friends, work come in. Once you have five, then you deauthorize all but your personal computer, including the bogus one. Please reread this statement. Five is the magic number where you can deauthorize any or all of the computers on your account! This gets rid of the bogus computer. The rep said it may help keep the hackers from accessing the account again, since their computer is no longer authorized on your account.

Note that Deauthorize all will not prevent all previously authorized computers from using content already on that computer.

Only if they attempt to use the iTunes store again with that account will it actually do anything. If an authorized computer is not connected to the internet, how is it going to get deauthorized?

May 20, 2011 12:47 PM in response to Chris CA

Hi, Chris,


I was told that an authorized computer on my account, in this case one that was authorized without my permission, may have an advantage in getting back onto my account. It's not about the content that was downloaded, it is possible protection to keep it from happening again from the same hacker. It's not really deauthorizing the computer itself, but deauthorizing it from the account.


The hackers are using some type of vulnerability in the system and are not using your credit to purchase games or music for themselves. They are using it to sell games to a bogus or genuine developer, then are getting a kickback for their hacking. Or it is the developers themselves that are hacking the accounts to take our money.


I originally thought they were cracking the gift card numbers so it was used by them, then debited from my account. Obviously, they are getting directly into our accounts, so it is a vulnerability in the iTunes Store. This is evident by them almost always changing the city to Towson MD, and deleting the credit card info. There is a college near Towson, so maybe some students are doing it from there. I don't think it's being done in huge numbers, but it is methodical and the items being purchased are slowly changed to other items maybe as Apple closes a developer's account for all the bogus charges.


Melissafromaokforest: The Apple rep assured me they are not getting the credit card number, as only the last four digits are displayed, and the remainder of the number is protected by encryption. I haven't had any charges made to my credit card after about a month, knock on wood.

May 23, 2011 7:44 AM in response to stereocourier

I have a question for anyone reading this...has anyone been hacked by this twice? If so what was Apple's response? Also, has anyone that has requested a refund been denied?

In answer to my own question, I have only been hacked once and was given a full refund, of course with the caveat that it was a 'one time deal'.

Appreciate the feedback and sincerely hope Apple gets a clue on this one, I am extremely disappointed with them. They almost had me ready to get a Mac (after 30 years solidly in the PC/Microsoft space!).

May 24, 2011 7:59 AM in response to stereocourier

I got a response yesterday from iTunes support letting me know that I will be reimbursed fully and that my account had been deactivated and I have to reactivate it by giving them some information. I did so and my account was reactivated later that same day. iTunes support requested that I change my password to prevent future problems, which I fail to see how helpful that would be since I never did anything in the first place for the hackers to get my password information, so the password isn't the problem. To prevent future problems I will NOT add my credit card information to my account and I will use my iTunes gift card as soon as I redeem it in order to ensure a hacker does not spend it first.


Good luck to those still trying to navigate iTunes support I hope you get your refund!

May 27, 2011 2:17 PM in response to kaitlin_from_earth

Just got wiped out by Kamagames for some in app chip purchases for poker which I don't even play. It says I bought them last night which is amazing since I have never launched one of their apps.


The only thing I did differently yesterday on my iPad was to update all apps from the iPad rather than the PC. It did prompt me for my password, but I just assumed this was normal since I usually update from my PC. Maybe this is how they are doing it?

May 28, 2011 7:40 AM in response to stereocourier

Add me fellows. Just lost $59 to "GAMEISLIVE". I don't even have any of their apps. Awaiting a response from Apple. It's been 3 days. I already changed my password.


It's the newest trend in stealing! I never use a credit card for iTunes anymore, only a gift card, but they were wiped out within a day of entering the codes.

May 28, 2011 10:43 AM in response to stereocourier

Add me too. I was charged $60.95 from a silly game named KingdomConquest, and an in-app purchase of $35.00 of chips for "Kamagames". Apple's response was useless, due that I have 1 week (and counting) since my report.

And, for so, my CC info was deleted, city changed to Towson, MD, secret answer changed. I have changed my password, but still, is not helpful, and, now, I need to pay almost $100 by something odd! How they can do it!

May 29, 2011 12:13 PM in response to Brad Schurman

Got hit yesterday..wiped out a remaining of a $25 gift card. I removed credit card from account but beware, I actually had a heads up text at 4:11 pm ET from my Yahoo email associated with iTunes account that someone tried to retrieve my password using a secret question. I changed everything on that account, then early this morning daughter informed me there wasn't any money left on the account. When I checked, it was all over the map, downloads at 4:09 ET - Simpsons to disco.


Just sent Apple request for refund today. Waiting to see what happens. Of course all passwords, notifications have been changed but you might want to think about the email account affiliated with iTunes as well and updating that, just in case.


I was checking how to de-authorize pc's since I only have 4 and will try links above for safety. I think I know which pc's they are, crashed, one literally smashed, and daughter's pc she used until it ran out of memory, but I need to get every one off except for mine.


I do not have an iPad, but am slightly creeped out that someone also tried to hack email account.

May 31, 2011 9:49 AM in response to zerg1234

zerg1234 wrote:


They do prompt you for a password when you update your apps via ipod... although I think maybe that's also how the hackers are getting that information.

It will only ask for a password if you have apps you have already purchased, on the iPod/iPad, so they would already have to have a copy of the purchased app from your account.

May 31, 2011 12:21 PM in response to stereocourier

I have the same exact problem as everyone in this thread. I had about $30 in iTunes credit from gift cards, and on May 29, $28.76 of it was spent on KingdomConquest in-app purchases. I attempted calling technical support, but I was basically ignored as, according to the man I spoke with, the entire iTunes support team can only be reached online, and NEVER by phone. If this is true, which I hope it isn't, that means that we have absolutely no power over whether our claims are actually read and dealt with. I'm getting incredibly ticked off at this powerlessness over the people hacking my account and stealing my money. I've never liked Apple, but they're just giving me more reasons to hate them now.

Jun 1, 2011 9:34 AM in response to stereocourier

Another "me too". Just added a $25 gift card I received yesterday, and this morning it was cleaned out. It was "-KingdomConquest", along with a bunch of in app purchases. The number of authorized computers seems correct. I have changed my password today, and used the support request on the web site to request a refund. This *****, Apple knows it does, and so do the Apple fans who want to ignore everything negative about the way Apple products work, and the way Apple does business. Why doesn't Apple allow us to see which device made the download of the app? Or the exact date and time, and IP address?
