
iTunes store account hacked

I'm posting this just to share my story and get reactions. It's a little detailed but I thought worth sharing.

On November 23, 2010 I purchased a single song from the iTunes store for .99. I used store credit that I had from a gift card I received last year. It was the first purchase I had made since July 2010.

On November 25, 2010 I received a receipt for 2 more separate orders to my account. These were for over $50 in iPhone apps. Here's a sampling of some of the purchases:

1 eREAD isoshu, v1.5, Seller: ChengDu YueTong Internet Information Co. Ltd (17+)
2 Plants vs. Zombies, v1.3, Seller: PopCap Games, Inc. (iDP)
3 Monkey Island 2 Special Edition: LeChuck's Revenge, v1.1, Seller: Lucasfilm International Services Inc.
4 Asphalt 5, v1.2.6, Seller: Gameloft (9+)
5 Let's Golf!® 2, v1.0.1, Seller: Gameloft (4+)
6 Frames & FX for Photos, v2.5.1, Seller: Imikimi, LLC (12+)
7 Stenches: A Zombie Tale of Trenches, v1.0.1, Seller: Thunder Game Works (9+)

I do not have a credit card linked to my account, so these were made using my store credit.

I have only 1 computer authorized for my account (my personal home computer). I live alone and no one else touches my Powerbook but me. I also DO NOT own an iPhone, so I would have no interest in apps.

After I saw these bizarre purchases, I checked my account. I noticed 2 strange things: My account information had changed: My street address was correct, but city, state and zip had changed to: Towson, MD 21286-7840. I have never lived in Maryland. Also, I noticed that my password recovery answer had changed to "Murray" in response to a question about my mother's maiden name. That's decidedly NOT my mother's maiden name. Also, my birthdate had changed to an incorrect month and day.

I immediately changed my password and my recovery question/answer challenge.

I reported problems on all of these purchases and also contacted iTunes Account Support by e-mail.

Within 24 hours I received an e-mail from "Vicki" at iTunes Customer Support. She wrote:

"When reviewing over your account "name@domain.net" and the two reported orders, it shows that the content purchased within them was acquired from the computer that is currently authorized for your iTunes account. So I strongly advise that you do consult with those in your household regarding the purchases made, and the charges that resulted from those purchases."

Further:

"I have gone and reversed the charges for the two orders....You will see a store credit in three to five business days....Please note that this is a one-time exception, as the iTunes Store Terms and Conditions state that all sales are final."

I am pleased that Apple is refunding my store credit and replied so quickly.

However, it is simply impossible that these purchases were made from my computer. Again, my Powerbook is the only computer I have ever authorized to access my account, and I am the only person with access to it.

I am not sure how this happened. Any thoughts or similar experiences?

Powerbook G4, Mac OS X (10.5.8)

Posted on Nov 28, 2010 3:43 PM

1,958 replies

Aug 8, 2011 9:29 AM in response to aircool

There are no numbers to call. But you can at least contact Apple on both these links and voice your opinion. They do read these. They aren't support, they are feedback. Copy these and post every time you reply to this forum. There are even more forums covering this mess.


The contacts to Apple have been listed over and over.

START USING THEM!!

iTunes

Security

Aug 9, 2011 5:07 AM in response to stereocourier

I got hacked last night and all 110$ has been drained out and they bought this


Original Gangstaz, 3000 Street Creds, Seller: Addmired, Inc
Addmired, Inc In-App Purchase $99.99
Subtotal: $99.99
Tax: $0.00
Order Total: $99.99


I don't receive any help from Apple yet


just my account is blocked and retrieve the password !

This is appalling .....


My all the money has been gone :((((((((((


is there a way of getting my money back .... ??? pleaseeeeeeeeeeee helpppppppppp

Aug 20, 2011 3:54 PM in response to stereocourier

yep, hacked as well. I asked someone on support chat and they directed me to an email form to give to Apple:

http://www.apple.com/support/itunes/contact.html?form=account&topic=iTunes%20Store%20Account%20and%20Billing


I just filled it out, so they haven't had time to read or respond to it yet.


Honestly, I would love to know how to lock down my iTunes account to only allow specific devices to do anything with my account. This would at least limit all liability to only my specific iPhone that I have on my hip or the computer on my desk.

Aug 21, 2011 4:51 PM in response to stereocourier

I just got this response from Apple. It seems they have softened their stance a bit, but are still denying it isn't their fault at all.


Dear William,

Welcome to Apple iTunes Store Customer Support! My name is Raj and I am glad to assist you.

I understand your concern about the security of your account as this is the second time that fraudulent purchases were made on your account. I know this must be frustrating. I will be glad to share some information with you.


There are many different ways that your information may have been obtained. Your information can be obtained through programs from trojan viruses from websites that you visit, which steal your personal information from your computer when signing into an account. Some information may even be obtained through your actual email account.


Another possibility is what we call "Phisher" sites. These are websites that are masquerading as the iTunes Store and prey upon customers asking them to enter in their personal information, such as account name and password.


To make sure that this does not happen again, you will want to scan your computer for any type of malware that may be present, be very careful about the websites that you visit, always sign out of your iTunes account and make sure that the password for your iTunes account is not used for any other online account that you may have (and also make sure that the password does not contain any part of your actual email address or account name either).


I know that this is an upsetting situation, and I can certainly understand your concerns, however I want to assure you that this is not an issue with iTunes Security.


The iTunes Store does take numerous precautions to safeguard your personal information against loss, theft, and misuse, as well as unauthorized access, disclosure, alteration, and destruction.


The following page outlines, in detail, how Apple protects your information:


Apple Privacy Policy;

http://www.apple.com/legal/privacy/


Whenever you make changes to your password make sure to follow some good practices to ensure you are creating the hardest possible password for any potential attacker to figure out.


Here are a few tips;


1. Randomly substitute numbers for letters that look similar. The letter ‘o' becomes the number ‘0', or try using '@' instead of 'a'


2. Randomly substitute in capital letters (i.e - aPplE)


3. Think of something you were attached to when you were younger, but do not choose a person's name. Every name and every word in the dictionary will fail under the most simple attacks used by hackers.


4. You should also use different username/password combinations for every site you use.


5. Since it can be difficult to remember a large number of passwords, consider using what is known as a password manager program. Often they can be found for free and they are designed to store all of your passwords in an encrypted format and allow you to use just one master password to access all of them. Although I am not permitted to provide specific recommendations or endorse 3rd party products, I'm sure you will be able to find such software using any popular search engine.


Once you've thought of a good password, navigate to this website to find out how secure it is;


https://www.microsoft.com/protect/fraud/passwords/checker.aspx


* Notice the http(S) in the URL. This indicates the site is provided via an encrypted connection (meaning anything you send to it is done so using the highest standards in secure data transmission).


William, it is okay if you wish to keep your account disabled for some time, when you wish to re-enable it, please reply to this email with the following information:


1) The complete billing address listed on the account, and


2) One of the following:


- the order number of your most recent authorized purchase

- the name of any item you've purchased using this iTunes account


I hope this information will be helpful. If you require anything further, please reply to this email and let me know, I will be happy to see what more I can do. Take care and I wish you all the best.


Sincerely,


Raj

iTunes Store/Mac App Store Customer Support

Aug 22, 2011 6:14 AM in response to trailbossc

This is an update to my previous post. I sent an email to Apple using this form:

http://www.apple.com/support/itunes/contact.html?form=account&topic=iTunes%20Store%20Account%20and%20Billing


The email was sent on Saturday. Monday at 3:38am, the gift card dollars were reimbursed into my account. I never actually received anything from Apple. They simply disabled my account and when I tried to log into itunes, it forced me to change my password.


That was it. Short, easy, and prompt. It's pretty much the pattern for everything done with Apple. I can't blame Apple for what a hacker is doing. The hacker is the bad guy here, not Apple. Apple didn't make me jump through any flaming hoops to get a refund or prove I didn't buy the app.


The lesson here is to simply use gift cards in order to limit your liability. I'm trying to learn from this and make sure that all online accounts I have are similarly limited in some way.

Oct 29, 2011 7:59 AM in response to Bazillus

Today I noticed that I have to pay Click and Buy € 158 because of 2 purchases of 79 each. My purchase history shows that they first downloaded 人人乱世天下 By RenRenGames into my account and made the in-app purchases of € 79 there. Oddly enough, my iTunes purchase history shows one purchase of € 79, and my Click and Buy shows 2x € 79.


Of course I tried to report these purchases in iTunes as shown here

http://support.apple.com/kb/HT1933?viewlocale=EN-EN

But when I get to step 8, clicking on Report a Problem, and the reporting form should come up, the only thing that happens is that my browser opens the webpage of iTunes http://www.apple.com/nl/support/itunes/, like I have to install iTunes first. When I do the same for another purchase I made myself (a music CD), the reporting works. So I don't think the problem is in my PC.


I already reported this to Click and Buy, and I will email this to iTunes customer support too. For some reason I'm glad to see I'm not the only one affected by this fraud, because now I feel that we all have a chance to get this solved.

Nov 22, 2011 2:54 PM in response to junebug2285

This happens still jan.2011.

Look at here: https://discussions.apple.com/thread/3031164?start=90&tstart=0

50.000 accounts have been stolen and the apple-members have not been informed!

That's the problem...the same problem like at Sony...but there the community was informed worldwide by daily news!

It is a case of missing information from the supplier to the customer risking developing sensitive individual dates by continuing the own business with collateral damage ("we have decided to refund in this individual case").

That is not fair...it is a crazy interruption of confidence between the supplier and the customer!

It seems the supplier has decided that it is better to make business instead to inform the customers about insecurities and the possibility of losing sensitive individual dates!

I said: it is a scandal!


iTunes stolen accounts (for google and other services: tested: came at google at the second place...the main information was from jan.2011... ...and Apple thought it not necessary to inform or lock the account if there where no feedbacks to the information)...

...incredible!



How came 50.000 accounts to a Chinese website?

I think, this is not a problem of individual insecurity.

Tell me!


Beside:

To take an e-mail as account-id is not secure because many people know some e-mail addresses.

The e-mail address should stay in the background while the user should be able to name the own id-name by self.

For every payment there should be send a code-nr to the e-mail address to make sure that the order comes from the account-owner!


If there will be made no more securities like before I ain't make any business with Apple site anymore.

If you don't tell me exactly how 50.000 accounts came to a Chinese website...just the same like above.


Instead of Genesis's Selling England by the pound I see here Apple and Selling people by account


If I google I can't find "Apple" "and" "Selling people by account"...I wait.

Dec 3, 2011 10:48 AM in response to israel1717

I just got hit today for about $30. All store credit as I did not have a CC linked. Waiting for Apple to respond.


The fraudulent purchases were all apps called Sixjoy Hong Kong


------------------------------------


Dear XXXXX XXXXXXX


Your Apple ID, XXXXX, was just used to make a purchase in 三国塔防 - 魏传 from the App Store on a computer or device that had not previously been associated with that Apple ID.


If you made this purchase, you can disregard this email. It was only sent to alert you in case you did not make the purchase yourself.


If you did not make this purchase, we recommend that you go to iforgot.apple.com to change your password, then see Apple ID: Tips for protecting the security of your account for further assistance.


Regards,

Apple

Dec 4, 2011 2:39 AM in response to stereocourier

My iTunes account was hacked for a total of $41 overnight....seems like I am not alone!! Apple also emailed me realising a dodgy transaction as below;


---------------

Your Apple ID xxxxxxxxx was just used to make a purchase in 帝國 Online from the App Store on a computer or device that had not previously been associated with that Apple ID.

If you made this purchase, you can disregard this email. It was only sent to alert you in case you did not make the purchase yourself.

If you did not make this purchase, we recommend that you go to iforgot.apple.com to change your password, then see Apple ID: Tips for protecting the security of your account for further assistance.

Regards, Apple

---------------



My credit card was also removed from my account. I will now just use gift card top ups of $20 to minimize future issues.


I've had my iTunes account for several years and this is the first time I have had a problem...I hope Apple do the right thing by me...

Dec 5, 2011 9:57 AM in response to Doubleshotlight

I do not understand what you are saying...When you upgraded to the iCloud, it required you to change your password in addition I believe it also made you change your Apple ID, but here is what I don't understand because in the post above you say and I bolded and underlined the part I don't understand:

Doubleshotlight wrote:


Apple is at fault because stores have a duty of care for the safety and security of its customers. Apple has put itself out to the world as a safe and secure place to put your credit card, paypal, and gift card information so it should be vigilant in protecting such information.

I don't believe Apple has lived up to this duty. Even if they are not responsible for the leak of this confidential information (which seems doubtful considering the masses of people with the same story and different payment methods and the specific stories of App developers that make purchases), I know for me, when my account was hijacked, the hacker changed my Apple ID and my email was never notified. Apple only has you confirm major account changes through the NEW email you input and not through your OLD email. They should at the very least have a system in place to notify our real email when our accounts are compromised and make confirmation of such changes through your original email.


Since I have been locked out of my hijacked account for over 48 hours, I started making some music purchases at Amazon, the music is cheaper, has less legal restrictions, it is all stored in the cloud, and hopefully my cc information is protected by a company that cares more about security.

meanwhile in the post created here: https://discussions.apple.com/thread/3543257?answerId=16911365022#16911365022 you write (and I bolded and underlined the part I don't understand):




Doubleshotlight wrote:


Did you check to see if your purchase history is still there? This morning I noticed the same thing but I looked at my purchases and found there were none, as if it was a brand new account. When I went into my iphone's iCloud settings, some random person was signed into my icloud.


I subsequently changed my email address on my Apple ID just in case they had access to my email. When I changed the email, I found that my original email was never notified that I had changed to a new email. This is crazy because you will never know if someone has changed your email! This leads me to believe that someone hacked my account and changed the email address and Apple ID and created a new shell account with my old Apple ID so I didn't realize that my real account was taken over. That means your real account might be under a new Apple ID. That is my theory so far... waiting on customer service.

Just out of curiosity, perhaps you were seeing yourself online? Or do you have multiple Apple IDs? I am confused.


Message was edited by: Carlo TD

Dec 9, 2011 12:19 AM in response to ck08

Really?? How do you think I feel! Phishing is not only done through an email but also as a fake web site. And NO you would not know if your information is phished unless you have money stolen from you, regardless if you have a gift card, Visa, Mastercard, PayPal, Discover, or Amex card. And yes, I believe that is what is going on here. I understand you are calling me ignorant, but that is ok, because by the definition of the word, I have

lack of knowledge or information: he acted in ignorance of basic procedures.

But that is fine, I am willing to learn and change, so therefore my ignorance is not a bad thing.

Perhaps you should do a search on the web. Below are some (recent) links I found:


* New Scams use fake Amazon gift cards, Adobe updates to lure victims (12/06/2011)


* Be on the lookout for Apple iTunes phishing email (10/31/2011)


* Identifying fraudulent "phishing" email (10/12/2011)


* New Phishing Attack Targets Apple iTunes, Security Firm Says (10/05/2011)


* How to avoid or remove Mac Defender malware (6/8/2011)


* Phishing primary cause of bogus iTunes charges (8/27/2010)


* The Real iTunes Fraud Vulnerability: Gullible Users (8/23/2010)


* Spam/Phishing email impersonating iTunes store (n.d.)

Dec 11, 2011 3:51 PM in response to SimonJester753

I heard back from Apple support and they are refunding me, no hassles. Customer service was very responsive and helpful. I've included part of the response I received below. It seemed obvious to me that they are aware of the issue and for now they are dealing with it this way. Hope this helps.


"Dear Debbie,


Welcome to iTunes Store Customer Support. My name is _______ and I am glad to assist you today.


I understand purchases have been made with your iTunes Store account without your permission or knowledge. I am sure you are anxious at this time and I will do whatever I can to help you right away.


Debbie, I have checked your iTunes Store account and it appears that your account information was modified without your authorization. This can happen for a number of reasons, most commonly due to "phishing" emails, sharing passwords, or using the same password for multiple online accounts.


Please review the following article for help in identifying legitimate emails from the iTunes Store.


Identifying legitimate emails from the iTunes Store

http://support.apple.com/kb/HT2075


When you reset your password using http://iforgot.apple.com I highly recommend that you follow the suggestions outlined in the following article:


iTunes Store: Best practices for protecting the security of your account

http://support.apple.com/kb/HT4156


I'm pleased to inform you that, I have issued a refund for the items purchased without your permission.


The decision to issue a refund was made after a careful review of your case. Please note that this refund is an exception to the iTunes Store Terms and Conditions, which state that all sales are final. A refund in the amount of 29.91 USD has been issued to your financial institution. Refund processing times vary depending on your financial institution and can normally take from 7 to 10 business days. Please contact your financial institution for details related to processing times.


I have also removed the card from your account and have disallowed it from being used on the iTunes Store."

Dec 21, 2011 9:16 AM in response to iadubber

iadubber wrote:


SimonJester753 wrote:


iadubber,


OK, now we have a professional IT person.


What in your opinion is the method they are using to access our accounts?


Are they hacking Apple's server or just using a program that guesses passwords?


Or is it something else?


And most importantly, how do we prevent it?


I'm most concerned because I figure we are going to HAVE TO migrate to iCloud in the near future, and I'm just not feeling secure about that. It could force me to switch to Windows, (yuk).

I am by no means a security expert. I did just however realize that I did share email and passwords with PSN. Could this be connected? Kingdom Conquest is made by SEGA which is a segment of SONY that was hacked earlier this year. I am thinking I did not change my iTunes info after the hack to PSN and I just started using iTunes again after a long hiatus when getting my 4S not too long ago.


Really I'm at a loss on how I could be hacked, this is the only connection I can find.

I did not have any gift card balance on my account. It was only linked to my Paypal.


Here is their response:


Dear Chad,


Thank you for writing to iTunes Store Support. This is Mico and I'm glad to be of service for your concern.


Chad, thank you for bringing this up to our attention. I understand that the purchased app "-KingdomConquest-" on your account was unauthorized. I can certainly realize how alarming that must be and I sincerely apologize for any inconvenience this may have caused you. No worries, I'll help you get this matter resolved as quickly as possible.


I checked your account and determined that PayService has already initiated a refund for you, for orders MGWDGB1ZB1, MGWDGB1YDG, MGWDFJ5JGN. Please contact them if you have questions about when the refund will be posted to your account.


Chad, I strongly recommend you change your iTunes Store account password immediately. Changing the password will help to prevent anyone else from using your iTunes Store account to place orders without your knowledge. To increase the security of your account I highly recommend that you follow the suggestions outlined in the following article:


iTunes Store: Best practices for protecting the security of your account

http://support.apple.com/kb/HT4156


If you wish, you can also remove your payment information from the iTunes Store as follows:


1) Open iTunes and sign in to the iTunes Store.

2) Select "View My Account" from the Store menu.

3) Enter your password and click the View Account button.

4) Click the Edit Payment Information button.

5) Select "None" as the payment type.

6) Click the Done button at the bottom of the page.


If you suspect you are the victim of identity theft, consider contacting the fraud departments of any consumer reporting company to place a fraud alert on your credit report.


To prevent further unauthorized purchase, your account is currently disabled. If you would like to request that your iTunes Store account be enabled, please reply to this email.


I hope this information has been helpful. Thank you for allowing me the opportunity to assist you. Should you have further queries, please feel free to respond and I'd be happy to assist you. Thank you for choosing the iTunes Store. Have a great day!



Sincerely,


Mico

iTunes Store Customer Support


Please Note: I work ST-W, 8-5PM CT


I'm assuming by PayService they meant Paypal. How long does Paypal take to get a refund?

Dec 27, 2011 9:38 AM in response to stereocourier

I was hacked this morning...5 separate purchases for $150 through iTunes for in-app purchases that all ended up being charged to my PayPal account once my store credit had depleted. The hacker changed my apple id email address and physical address as well as my phone number. They purchased an app called Happy City (http://itunes.apple.com/cn/app//id459397568?mt=8) that appears to be Chinese and bought in game credit.


I was told by iTunes (via an Apple customer service rep chatting for me over the phone) that the purchases were non-refundable and that I needed to contact PayPal. They were very courteous and sympathetic, but unfortunately couldn't do anything.


I then contacted PayPal and they promised to refund my money and that they'd investigate the incident.
