iTunes store account hacked

Only if there was a song that would teach all of you a lesson... http://youtu.be/O_ufD3QT51U . Have to give some credit.... http://itunes.apple.com/us/album/you-just-got-hacked-single/id437600854

Message was edited by: Carlo TD

I just got hacked...hacker got this http://itunes.apple.com/cn/app/id457522213?mt=8

And $100+ worth of DLC..

I ended up changing passwords everywhere and im tracking my credit card. I believe i didn't have one linked to my itunes for a long time.

This is the e-mail I got from Apple Support:

Dear me,

Welcome to iTunes Store Customer Support. My name is Karthik.

I understand purchases have been made with your account without your permission or knowledge. I am sure you are anxious at this time and I will do whatever I can to help you right away.

me, to prevent further purchasing, I have disabled your account. I urge you to contact PayPal as soon as possible to request an investigation into the security of your account.

We have issued a refund for the items purchased without your permission. The decision to issue a refund was made after a careful review of your case. Please note that this refund is an exception to the iTunes Store Terms and Conditions, which state that all sales are final. A refund in the amount of $58.91 has been issued to the payment method(s) that were used to pay for the items.

If you suspect you are the victim of identity theft, consider following these recommendations:

- Contact the fraud departments of any consumer reporting company to place a fraud alert on your credit report.

- Close the accounts that you believe have been used without your knowledge.

You also have the option to remove your payment information from the iTunes Store. To remove your payment information:

1) Open iTunes and sign in to the iTunes Store.

2) Select "View My Account" from the Store menu.

3) Enter your password and click the View Account button.

4) Click the Edit Payment Information button.

5) Select "None" as the payment type.

6) Click the Done button at the bottom of the page.

The security of your account is important to Apple. If you would like to enable your account, we will manually reset the password for you and include helpful information for when you reset the password again yourself. It is recommended that you reset the password even if you wish to leave your account disabled.

If you would like to request that your iTunes Store account be enabled, please reply to this email.

To increase the security of your account I highly recommend that you follow the suggestions outlined in this article:

iTunes Store: Best practices for protecting the security of your account

http://support.apple.com/kb/HT4156

me, I hope this information is helpful. If you have any further questions, feel free to contact us and we will be happy to assist you.

Have a nice day!

Sincerely,

Karthik

iTunes Store/Mac App Store Customer Support

Please Note: I work from Monday to Friday, 9:30PM-6:30AM CST

Heard back from Apple today. They are refunding the amount of the unauthorized transaction, but gave me the standard response about it being a one-time deal, goes against terms and conditions, blah blah. Here is what I wrote back:

Regarding account security, I always take every step outlined in the article you linked below. I understand that you're likely sending me a pre-determined response. But please understand that I take account security VERY seriously, and frankly I'm rather insulted that Apple would suggest that I was somehow at fault for this happening. This is not an isolated occurrence, not by a long shot. This has happened to thousands of iTunes accounts over the past several months and years, dating back to 2010 from what I've seen. Here are a couple of large discussion threads right in the Apple support forums about this issue:

https://discussions.apple.com/thread/2665383?start=0&tstart=0

https://discussions.apple.com/thread/3031164?start=0&tstart=0

There are quite a few other discussion topics there on Apple Support about the same issue.

Apparently there is a "group" of hackers around the world that somehow gain entry into iTunes accounts, and drain accounts that have a gift card balance on them, or a PayPal account associated with them. Perhaps there are malicious apps that gather user/password information, or maybe these are brute-force hacking attacks.

As indicated in the first thread linked above, many people have received refunds for these unauthorized transactions. Obviously this is costing Apple a considerable amount of money. It would be highly advisable for Apple to investigate these matters and take measures to increase security.

So I reviewed the iTunes store terms and conditions here: http://www.apple.com/legal/itunes/us/terms.html and found this paragraph:

DISCLAIMER OF WARRANTIES; LIABILITY LIMITATION

APPLE DOES NOT GUARANTEE, REPRESENT, OR WARRANT THAT YOUR USE OF THE ITUNES SERVICE WILL BE UNINTERRUPTED OR ERROR-FREE, AND YOU AGREE THAT FROM TIME TO TIME APPLE MAY REMOVE THE ITUNES SERVICE FOR INDEFINITE PERIODS OF TIME, OR CANCEL THE ITUNES SERVICE AT ANY TIME, WITHOUT NOTICE TO YOU.

YOU EXPRESSLY AGREE THAT YOUR USE OF, OR INABILITY TO USE, THE ITUNES SERVICE IS AT YOUR SOLE RISK. THE ITUNES SERVICE AND ALL PRODUCTS AND SERVICES DELIVERED TO YOU THROUGH THE ITUNES SERVICE ARE (EXCEPT AS EXPRESSLY STATED BY APPLE) PROVIDED "AS IS" AND "AS AVAILABLE" FOR YOUR USE, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NONINFRINGEMENT. BECAUSE SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, THE ABOVE EXCLUSION OF IMPLIED WARRANTIES MAY NOT APPLY TO YOU.

IN NO CASE SHALL APPLE, ITS DIRECTORS, OFFICERS, EMPLOYEES, AFFILIATES, AGENTS, CONTRACTORS, OR LICENSORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, SPECIAL, OR CONSEQUENTIAL DAMAGES ARISING FROM YOUR USE OF ANY OF THE ITUNES SERVICE OR FOR ANY OTHER CLAIM RELATED IN ANY WAY TO YOUR USE OF THE ITUNES SERVICE, INCLUDING, BUT NOT LIMITED TO, ANY ERRORS OR OMISSIONS IN ANY CONTENT, OR ANY LOSS OR DAMAGE OF ANY KIND INCURRED AS A RESULT OF THE USE OF ANY CONTENT (OR PRODUCT) POSTED, TRANSMITTED, OR OTHERWISE MADE AVAILABLE VIA THE ITUNES SERVICE, EVEN IF ADVISED OF THEIR POSSIBILITY. BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR THE LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, IN SUCH STATES OR JURISDICTIONS, APPLE'S LIABILITY SHALL BE LIMITED TO THE EXTENT PERMITTED BY LAW.

APPLE SHALL USE REASONABLE EFFORTS TO PROTECT INFORMATION SUBMITTED BY YOU IN CONNECTION WITH THE ITUNES SERVICE, BUT YOU AGREE THAT YOUR SUBMISSION OF SUCH INFORMATION IS AT YOUR SOLE RISK, AND APPLE HEREBY DISCLAIMS ANY AND ALL LIABILITY TO YOU FOR ANY LOSS OR LIABILITY RELATING TO SUCH INFORMATION IN ANY WAY.

APPLE DOES NOT REPRESENT OR GUARANTEE THAT THE ITUNES SERVICE WILL BE FREE FROM LOSS, CORRUPTION, ATTACK, VIRUSES, INTERFERENCE, HACKING, OR OTHER SECURITY INTRUSION, AND APPLE DISCLAIMS ANY LIABILITY RELATING THERETO. SOME PRODUCTS CAN BE DOWNLOADED ONLY ONCE; AFTER BEING DOWNLOADED, THEY CANNOT BE REPLACED IF LOST FOR ANY REASON. YOU SHALL BE RESPONSIBLE FOR BACKING UP YOUR OWN SYSTEM, INCLUDING ANY ITUNES PRODUCTS PURCHASED OR RENTED FROM THE ITUNES STORE.

Soooo... does this meant there is ZERO recourse when these security breaches happen??? People breaking in, using our funds, changing information, using or removing credit card info, etc? How the heck are we supposed to prevent such hacking attacks if they are the brute-force type?

The only option I see is to never use gift cards, and to always just pay for stuff with your CC, such that if this ever does happen then you could dispute the charges with your bank. Is this how it's going to have to be? If only gift card funds could be applied to my CC lol.

The exact same thing happened to me this morning, this was Apple's response:-

Dear xxxx,

I am glad that you found your way to the iTunes Store Support, my name is Julian and I am going to assist you today.

I am sorry to hear that there were unauthorized purchases made with your Store Credit

To prevent further purchasing, I've disabled the iTunes account that was using your store credit.

For specific instructions on how to authorize and deauthorize a computer to play your iTunes Store purchases, please read the following technical support article:

http://support.apple.com/kb/HT1420

If you need further assistance or if you are concerned about your account security,

please feel free to contact me, I will be happy to help.

Kind Regards,

Julian

iTunes Store/Mac App Store Customer Support

What kind of response is this, I want my money back! I know for sure I'll probably never buy anything from Apple again.

Please view the following chain of emails. Other than getting my funds refunded as a one-time exception, this was a waste of time.

Dear *****,
This is Chris with iTunes Store Support. I see that you have an in-app purchase on your account. I can understand how this can be an inconvenience and I will be happy to look into this for you.
This is called an "In-App Purchase". For information on this type of purchase, check out this article:
iTunes Store: About In-App Purchases
http://support.apple.com/kb/HT4009
***, I understand that the purchase of "100" was unintentional. You will see a store credit of $4.99, plus any applicable taxes, in five to seven business days. You may need to sign out of the iTunes Store and then sign back in before you see the credit in your account.
Please note that this is a one-time exception, as the iTunes Store Terms and Conditions state that all sales are final.
It is always a good idea to keep your iOS device up to date. To learn how to back up and update your device, visit:
http://support.apple.com/kb/HT1414
If you would like to prevent In-App Purchases from being made in the future, you can block them on your iOS device. Follow these steps:
1) Tap Settings on your device's home screen.
2) Tap General.
3) Tap Restrictions.
4) If necessary, tap Enable Restrictions and enter a passcode. This passcode will prevent restrictions from being disabled without your permission.
5) Scroll down to the Allowed Content section. Switch the In-App Purchases option to OFF. Enter your Restrictions passcode if prompted.
Thanks for allowing me the opportunity to assist you, ***. I hope you have a wonderful day.
Sincerely,
Chris
iTunes Store/Mac App Store Customer Service
Please Note: I work Wednesday- Sunday, 8:00AM-4:30PM ET

RESPONSE FROM ME:

Can you clarify?
I do not even have nor have I ever had the app for the purchase that was made. It is some sort of Asian game and I don't speak any Asian languages.
In fact my IPOD was not even powered up in the last week.
My PC was however I have no apps downloaded on the PC and I rarely run Itunes.
I believe you have a problem here and it's not on any of my devices.
Instead of assuming I made a mistake somewhere I would suggest that you inform your technical support to look into this further.
Regards,

RESPONSE FROM ITUNES:

Dear ***,

This is Chris with iTunes Store Support again. I see that you are not satisfied with the answer provided to your issue. I do apologize for any inconvenience this has caused.
***, unfortunately no further investigation needed in this matter if you like we can disable your iTunes account until you are able to determine if someone accidentally purchased the content on your end. We also recommend if you feel that someone has used your account without your knowledge to change the password on your account.
To increase your account's security, I recommend you follow the suggestions outlined in this article when resetting your password:
iTunes Store: Best practices for protecting the security of your account
http://support.apple.com/kb/HT4156

RESPONSE FROM ME:

No disabling of the account is required!
Please understand that

#1 - it was Apple that informed me via email that this item was purchased from a device that had never been used on the account before.
#2 - I only have 1 apple device (IPOD Touch 3g) and 1 PC.
#3 - upon getting the email, I immediately followed the instructions of changing my password in case my account had been hacked.
As Apple is a company where security is of the utmost importance, I can easily see that by putting the error on the customer without any investigation and no way for the customer to prove otherwise, this absolves Apple of any responsibility.
Unless Apple is willing to accept that they might have an issue and further investigation is required or at least some form of information supplied to me as the customer, to show that this is at my end and some way to rectify the issue, there is no way that I will be satisfied with any answer that Apple is giving me.
Thank you for your prompt responses and for crediting my account as a 1 time deal.
Regards,

RESPONSE FROM ITUNES:

Dear ***,
This is Chris with iTunes Store Support again.

I'm sorry that I can't be of further assistance with your request, but the iTunes Store does not provide any account information—including account activity and personal information—without a subpoena. We do this for your protection.
You may access certain account information by signing in to the iTunes Store and choosing View My Account from the Store menu at the top. You will need to log in with your Apple ID and password. If you no longer have the password, click the button that says "Forgot Password?"
If you need further assistance regarding this issue, please contact your legal advisor, who may contact Apple's litigation department http://www.apple.com/legal/contacts.html on your behalf. Thanks for allowing me the opportunity to assist you, ***. I hope you have a wonderful day.
Sincerely,
Chris
iTunes Store/Mac App Store Customer Service
Please Note: I work Wednesday- Sunday, 8:00AM-4:30PM ET

This is exactly what happened to me- unfortunately no humans are available to speak to at iTunes - you have to go via http://www.apple.com/support/itunes/ and clic 'contact support' at the bottom left of the page and use their "Express lane" method of contact. I did this and everthing worked out okay - I got a reply and my money refunded within 24 hours but had to reset my account AGAIN.

I know it's horrible when this happens, but don't worry, it will be sorted out.

HTH and good luck!

I reported the transactions (apparently more went through than showed on my end right away) and a few minutes (literally just a few minutes) later got this back:

"Dear Jamie,

Welcome to iTunes Store Customer Support. My name is Arun and I am glad to assist you today.

I understand that you have unauthorized purchases. I know you are eager to get the issue resolved.

Jamie, to prevent further purchasing, I have disabled your account. I urge you to contact pay pal as soon as possible to request an investigation into the security of your account.

We have issued a refund for the items purchased without your permission. The decision to issue a refund was made after a careful review of your case. Please note that this refund is an exception to the iTunes Store Terms and Conditions, which state that all sales are final. A refund in the amount of $31.94 has been issued to the payment method(s) that were used to pay for the items.

If you suspect you are the victim of identity theft, consider following these recommendations:

- Contact the fraud departments of any consumer reporting company to place a fraud alert on your credit report.

- Close the accounts that you believe have been used without your knowledge.

You also have the option to remove your payment information from the iTunes Store. To remove your payment information:

1) Open iTunes and sign in to the iTunes Store.

2) Select "View My Account" from the Store menu.

3) Enter your password and click the View Account button.

4) Click the Edit Payment Information button.

5) Select "None" as the payment type.

6) Click the Done button at the bottom of the page.

The security of your account is important to Apple. If you would like to enable your account, we will manually reset the password for you and include helpful information for when you reset the password again yourself. It is recommended that you reset the password even if you wish to leave your account disabled.

If you would like to request that your iTunes Store account be enabled, please reply to this email.

To increase the security of your account I highly recommend that you follow the suggestions outlined in this article:

iTunes Store: Best practices for protecting the security of your account

http://support.apple.com/kb/HT4156

Jamie, I hope this resolves your issue. If you have any further queries feel free to contact us we will be happy to assist you.

Have a nice day!

Sincerely,

Arun"

iTunes Store Customer Support

http://www.apple.com/support/itunes/ww/

I work from Saturday to wednesday from 3.00am to 12.00pm Thank you for allowing me the opportunity to assist you

Maybe this will help you. Here's what I did:

I went to this link:

https://expresslane.apple.com/GetproductgroupList.do?PRKEYS=133314

selected iTunes under Product Categories

selected iTunes store in the next section

selected "Purchases, Billing & Redemption"

on the new page selected "My topic is not listed" and typed in something like fraudulent activity or unauthorized purchases then clicked the enter button

on the next page I entered my transaction information, which I got from the iTunes platform under my account/recent purchases or somethng like that

proceed as screen says to

GOOD LUCK!

This is the Solution.

..For getting your money back. Please change your passwords. Review any recently downloaded apps, as it's likey this is how they hacked in (eg, one that might require a certificate 😉. )

Thank you, from myself, and everyone else who is fortunate enough to stuble on your post.

BeagleBabe New York

Maybe this will help you. Here's what I did:

I went to this link:

https://expresslane.apple.com/GetproductgroupList.do?PRKEYS=133314

selected iTunes under Product Categories

selected iTunes store in the next section

selected "Purchases, Billing & Redemption"

on the new page selected "My topic is not listed" and typed in something like fraudulent activity or unauthorized purchases then clicked the enter button

on the next page I entered my transaction information, which I got from the iTunes platform under my account/recent purchases or somethng like that

proceed as screen says to

GOOD LUCK!

I called someone who gave me the instructions below and someone contacted me back by email within like 4 hours ....... they had my money credited and my account locked!

1. To contact iTunes Support, please go to:

apple.com/support/itunes/contact

2. Click "Get iTunes Support via Express Lane" button.

3. Click "iTunes Store" in the middle column and select a support category.

4. Click "Continue".

5. Under "Issue Description", select a topic.

6. Answer the questions under "Issue Description".

7. Click "Continue".

8. You would see either "Optional Sign In" or "Contact Options". Sign In or click "Continue without signing in".

9. Under "Contact Options", click "Email" and provide your contact information.

10. Provide the details about the issue and click "Send".

irok wrote:

I was hacked yesterday.

I first got an email saying my CC and shipping/billing address had been changed.

They logged in and purchased 2 $50 itunes cards (which have been redeemed).

They erased my CC info which was very old as I don't use this account anymore.

They used my name and email as shipping info and put in an address in Vertmont.

The receipt I received has the last 4 digits of the CC they used, I don't remeber (but may have) ever having a CC with those numbers. As I said I haven't used that account in years.

Called Apple, they said someone had probably used my account with a stolen CC.

My question, obviously I can't do anything to track the CC if they used a stolen one and I won't be charged for the purchase, BUT will somehow I be now linked to a stolen CC?

And if so what the hack I am supposed to do????

Use Apple's express lane... they will get back to you very promplty https://expresslane.apple.com/Symptoms.do

"It aggrivates me most that I had to seriously hunt to find a web page to attempt to contact Apple about this."

Seriously? Go to www.apple.com and scroll to the bottom. It's right there. "Contact US". In fact every Apple web page has this at the bottom. Reading is fundimntal.

transmogrification wrote:

This is really helpful to the forum of "iTunes store account hacked". Never once did you reference yourself as a victim, yet you chose to speak for all victims, while attacking another forum poster who has posted helpful comments.

https://discussions.apple.com/thread/2665383?answerId=17986833022#17986833022, for a start. It's a summary of the thread so far and some suggestions for anyone else who is a victim.

I must have missed Carlo's helpful post - please post a link. The only ones I've seen either insinuate that our PCs are hacked or say the problem is nothing to do with Apple. Most of his earlier posts suggest people contact their CC companies, which is BAD advice. Only recently does he suggest how to contact Apple.

As for your attack on Linj, he has every right to expect a speedier and better response from Apple. Who are you to tell him to wait 24/48 hours by following the "Contact Us" link? This is a victim of fraud here and he wants answers! He is also a paying customer to what is apparently the biggest company in the world and he does NOT expect to be told they "have no resources". In your responses (18222977 & 18223039), you and Carlo are simply rude - I don't understand why.

However, I'd like to take this discussion away from this thread (don't want to go offtopic).

<Email Edited by Host>

Brother,

What exactly is your question ??

Hacked iTunes account or GIft Card ??

In case of hacked account, do contact iTunes Store support, they will solve it in no time:

http://www.apple.com/support/itunes/store/