iTunes store account hacked

I'm posting this just to share my story and get reactions. It's a little detailed but I thought worth sharing.

On November 23, 2010 I purchased a single song from the iTunes store for .99. I used store credit that I had from a gift card I received last year. It was the first purchase I had made since July 2010.

On November 25, 2010 I received a receipt for 2 more separate orders to my account. These were for over $50 in iPhone apps. Here's a sampling of some of the purchases:

1 eREAD isoshu, v1.5, Seller: ChengDu YueTong Internet Information Co. Ltd (17+)
2 Plants vs. Zombies, v1.3, Seller: PopCap Games, Inc. (iDP)
3 Monkey Island 2 Special Edition: LeChuck's Revenge, v1.1, Seller: Lucasfilm International Services Inc.
4 Asphalt 5, v1.2.6, Seller: Gameloft (9+)
5 Let's Golf!® 2, v1.0.1, Seller: Gameloft (4+)
6 Frames & FX for Photos, v2.5.1, Seller: Imikimi, LLC (12+)
7 Stenches: A Zombie Tale of Trenches, v1.0.1, Seller: Thunder Game Works (9+)

I do not have a credit card linked to my account, so these were made using my store credit.

I have only 1 computer authorized for my account (my personal home computer). I live alone and no one else touches my Powerbook but me. I also DO NOT own an iPhone, so I would have no interest in apps.

After I saw these bizarre purchases, I checked my account. I noticed 2 strange things: My account information had changed: My street address was correct, but city, state and zip had changed to: Towson, MD 21286-7840. I have never lived in Maryland. Also, I noticed that my password recovery answer had changed to "Murray" in response to a question about my mother's maiden name. That's decidedly NOT my mother's maiden name. Also, my birthdate had changed to an incorrect month and day.

I immediately changed my password and my recovery question/answer challenge.

I reported problems on all of these purchases and also contacted iTunes Account Support by e-mail.

Within 24 hours I received an e-mail from "Vicki" at iTunes Customer Support. She wrote:

"When reviewing over your account "name@domain.net" and the two reported orders, it shows that the content purchased within them was acquired from the computer that is currently authorized for your iTunes account. So I strongly advise that you do consult with those in your household regarding the purchases made, and the charges that resulted from those purchases."

Further:

"I have gone and reversed the charges for the two orders....You will see a store credit in three to five business days....Please note that this is a one-time exception, as the iTunes Store Terms and Conditions state that all sales are final."

I am pleased that Apple is refunding my store credit and replied so quickly.

However, it is simply impossible that these purchases were made from my computer. Again, my Powerbook is the only computer I have ever authorized to access my account, and I am the only person with access to it.

I am not sure how this happened. Any thoughts or similar experiences?

Powerbook G4, Mac OS X (10.5.8)

Posted on Nov 28, 2010 3:43 PM

1,958 replies

Jun 1, 2011 1:08 PM in response to carboncanyon

All of you that have had this happen recently should receive your gift money back while enduring your accounts being deactivated and your reactivating them, as well as any computers you previously had authorized. I suggest using up the gift card money as soon as possible because there have been reports of second attacks cleaning out accounts after being reactivated by Apple. It's amazing to see how this entire situation is not reported.


As a matter of fact, without any prompting, my account was deactivated again over the weekend, causing me to reset it, my password, my security question, and personal info. I'd try to push this against Apple, but I know I'll run into the same wall as I previously had, and have to reset my info yet again while they supposedly look into the problem, probably ending up with another 5 free songs offer to make me complacent yet again. Instead, I'm going to finish out my current contract and never use Apple again.


Good luck to the rest of you.

Jun 1, 2011 5:47 PM in response to MomawNadon78

I also had my account deactivated over the weekend. Apple offered no explanation, but I presume this was an attempt to drain my account again. It took 3 days to recover the account this time, and another round of changing passwords and security questions.


Now I have my credits, but I'm not in a buying mood and I missed the holiday sales.

Jun 2, 2011 12:45 AM in response to stereocourier

Just got an email re: a Kamagames on an account I haven't touched in YEARS. I've never been a fan of iTunes, only made the account because I got a free gift-card. Thank goodness I never associated any credit/debit card info to it. Now I'm dealing with setting up a virtual machine just to install iTunes simply because I don't want that p.o.s. on my system, and evidently you MUST use iTunes to manage your account (flaw anyone?). Anyway, from the research I've done into this thus far, I'm going to propose the following: It seems as though there have been a few under-the-radar hacks of Apple's iTunes account lists (under-the-radar to the press at least, who knows if Apple is aware) over the last few years, and that is what has led to the ability for hackers to sell accounts on TaoBao. This is the first time I have had ANY of my accounts hacked (15+ years in IT), and it seems unlikely to me with the timing on these posts that brute-force hacks just so happened to nail large numbers of accounts simultaneously (especially with the many people stating they have complex passwords). As a result, I'd follow my standard recommendations: Utilize a masked email address that is forwarded to your main address. Use a unique password. Limit personal info listed. And finally, do NOT associate a real money account to your iTunes account.


There's my piece and report, enjoy the $10 I never would have spent (although it is interesting that they were able to charge that much, I thought I only had a $10 card, and had spent $2.)

Jun 4, 2011 7:28 AM in response to lusid

It happened to me as well: $15 gone to poker chips for a KamaGames LTD app. I'm suspecting a rogue app on my iPod Touch, and here's why. I entered a gift card for $15 through the iPod, and less than two days later, the money was gone. The hackers either had to have a very sophisticated monitoring program which could scan compromised accounts, regularly checking for credit, or they would have to be notified when store credit was added to the account.


As to your question about how these hackers are making money, they simply sell the credit at a better exchange rate to current players of the game for real money. The most critical reviews of the Texas Poker game on the iTunes Store were complaining of the practice.

Jun 7, 2011 10:39 AM in response to stereocourier

This happened to me today. I woke up to several emails telling me about payments from my PayPal account. Upon investigation, I found that a free app called Kingdom Conquest had been "purchased" (quotes because it was a free app) and subsequently several purchases of credits/coins/whatever were made through my iTunes account. They dinged me for about $100 from PayPal and wiped out my iTunes balance as well.


I have filed disputes with PayPal and reported this to Apple. I heard back within an hour from Apple, and they refunded my credit balance. Kudos to them for doing that. I have changed my iTunes password and username. Bizarrely, the hacker (if that's what it was) didn't attempt to lock me out of my account. Thank goodness for that. Be aware, however, that this is ongoing. I was not phished. I have a long, complicated (but not random) password. Still, they got access to my account.


Best advice I have outside of disabling your iTunes account is to completely remove any attached credit cards or bank accounts.

Jun 7, 2011 1:00 PM in response to stereocourier

My account got drained to the tune of $140. It was worse because I had set up my PayPal account and linked it with my iTunes account, so it drained through PayPal. The positive of that was PayPal reimbursed me, but I haven't unlocked my account so the 140 is still sitting there.


I went to go get food somewhere, and my debit card had been declined. Freaking out, I ran home and started looking at bank stuff. Seeing withdrawals from PayPal in $20 increments amounting to $140, and from my PayPal account, I was furious. Is Apple going to do anything?

Jun 7, 2011 2:38 PM in response to pa_drumz

My PayPal account was linked also, but thankfully they didn't take more than what was on my gift card. Apple replied to my e-mail over the weekend saying they would refund my $14, but tried to blame me in a standard form letter. They told me that they may not refund the money again if it happens one more time.


Also, I'd like to add that the way accounts are closed and then reverified does not seem very secure. They shut down my account, and then I had to e-mail the guy back my address and something that I have purchased from the iTunes Store in the past. If someone had hacked my account, they would have had the same information, enabling them to also gain access to the account again. Does this seem weird to anyone else?

Jun 8, 2011 3:36 AM in response to johnfromwilmington

Just had the same thing happen to me. The sequence of events:

Unauthorised txn happened June 3rd with receipt date of June 4th for this "Texas Poker, 1.5M chips, Developer: KAMAGAMES LTD", took €15.99 from my iTunes account. Rarely use iTunes store so spotted it accidentally & I reported it to Apple June 5th via web form & changed my password. Conf email from Apple re unauthorised purchase June 7th. Reported it to Apple again via telephone support June 7th. Apple disabled my iTunes account for security reasons June 8th & I am still waiting for refund.

Jun 8, 2011 10:37 AM in response to gheidorn

So you willingly downloaded Kingdom Conquest and then got hacked. My situation was that I was hacked and then the hacker downloaded KC and purchased credits for the game (using my iTunes balance and PayPal account).


I still have the KC app in my download folder, so it was never even installed. Why would they download that first if they could just buy the credits anyway? (I'm not going to install it, BTW, but can't seem to get rid of the download. Apparently that has to be cleared out by Apple.)


Apple reimbursed my iTunes balance quickly, but I've yet to hear from PayPal/Apple on my $100 lost there.

Jun 8, 2011 11:48 AM in response to ironMB

You guys think you got it bad, I got taken for over £1000 UK pounds this afternoon. Fortunately my amazing bank got to me in time and have been able to stop it, I think. Can't talk to Apple on these matters, they don't have anyone to talk to, you have to send an email to which they promise a reply within 24 hours. 24 hours? The hackers will have emptied my bank account by then. Thank God I have got a good bank on this.
