iTunes store account hacked

I'm posting this just to share my story and get reactions. It's a little detailed but I thought worth sharing.

On November 23, 2010 I purchased a single song from the iTunes store for .99. I used store credit that I had from a gift card I received last year. It was the first purchase I had made since July 2010.

On November 25, 2010 I received a receipt for 2 more separate orders to my account. These were for over $50 in iPhone apps. Here's a sampling of some of the purchases:

1 eREAD isoshu, v1.5, Seller: ChengDu YueTong Internet Information Co. Ltd (17+)
2 Plants vs. Zombies, v1.3, Seller: PopCap Games, Inc. (iDP)
3 Monkey Island 2 Special Edition: LeChuck's Revenge, v1.1, Seller: Lucasfilm International Services Inc.
4 Asphalt 5, v1.2.6, Seller: Gameloft (9+)
5 Let's Golf!® 2, v1.0.1, Seller: Gameloft (4+)
6 Frames & FX for Photos, v2.5.1, Seller: Imikimi, LLC (12+)
7 Stenches: A Zombie Tale of Trenches, v1.0.1, Seller: Thunder Game Works (9+)

I do not have a credit card linked to my account, so these were made using my store credit.

I have only 1 computer authorized for my account (my personal home computer). I live alone and no one else touches my Powerbook but me. I also DO NOT own an iPhone, so I would have no interest in apps.

After I saw these bizarre purchases, I checked my account. I noticed 2 strange things: My account information had changed: My street address was correct, but city, state and zip had changed to: Towson, MD 21286-7840. I have never lived in Maryland. Also, I noticed that my password recovery answer had changed to "Murray" in response to a question about my mother's maiden name. That's decidedly NOT my mother's maiden name. Also, my birthdate had changed to an incorrect month and day.

I immediately changed my password and my recovery question/answer challenge.

I reported problems on all of these purchases and also contacted iTunes Account Support by e-mail.

Within 24 hours I received an e-mail from "Vicki" at iTunes Customer Support. She wrote:

"When reviewing over your account "name@domain.net" and the two reported orders, it shows that the content purchased within them was acquired from the computer that is currently authorized for your iTunes account. So I strongly advise that you do consult with those in your household regarding the purchases made, and the charges that resulted from those purchases."

Further:

"I have gone and reversed the charges for the two orders....You will see a store credit in three to five business days....Please note that this is a one-time exception, as the iTunes Store Terms and Conditions state that all sales are final."

I am pleased that Apple is refunding my store credit and replied so quickly.

However, it is simply impossible that these purchases were made from my computer. Again, my Powerbook is the only computer I have ever authorized to access my account, and I am the only person with access to it.

I am not sure how this happened. Any thoughts or similar experiences?

Powerbook G4, Mac OS X (10.5.8)

Posted on Nov 28, 2010 3:43 PM

1,958 replies

Dec 22, 2010 3:17 PM in response to stereocourier

Add me to the list. While on holiday I got an email from Apple that the credit card info on my iTunes account had changed. Could not respond since the wifi signal was poor/stopped working. When I came online again the next day I received two mails with a purchase receipt for two apps each, totalling €27.46, thus leaving €0,28 in my account. I do not have an iPhone nor iPad and I never bought an app. Luckily the credit card I used for opening the account does not work anymore, so this was all they got.

I contacted Apple and they responded very quickly. They closed the account and will refund the €27.46 the next days. So that is good.

What is remarkable is that the purchase receipts show 3 out of the 4 apps to be developed by a certain "bin mao", the other one by "yu gao|1091937977". Certainly no coincidence.

Looks like this could be a way to get the apps in the top-charts or to write positive reviews? Unfortunately after Apple blocked my account I could not write a review anymore, to let the punters know that this is a fraud that works through compromised accounts.

If Apple wants to do anything about this theft they should go after the developers that use this fraud to get their apps rated. Apart from that I am very happy with the way Apple handled the situation, giving me a refund right away.

Dec 23, 2010 3:41 AM in response to Eagerbob

Same thing! They changed my billing address to Towson, MD 21286-7840, and burned up $29.54 worth of credit from a gift card. I just got the email that a change was made to my account yesterday, 12-22-2010. When I checked the account and found the charges I was (am) po'ed! I sure hope that Apple will find whoever is doing this and fix this hole!

Jan 1, 2011 1:10 PM in response to TheCBB

I awoke to read my emails and saw that I got one from Apple at 3:35AM PST notifying me of an account info change. I tried logging in and found my password had been changed. After resetting my password, I found someone had made 3 separate purchases today for $41.83, $41.84, and $0.99 (bringing my gift card account balance down to $0.30). My city, state, and zip have been changed to Towson, MD, 21286-7840, my credit card information has been removed, and there is now only one computer authorized to play content purchased with this account.

I emailed Apple and am awaiting a response. It is a pretty uneasy feeling to know that this exact thing is happening to so many of us--and I want to know what can be done to stop it...

Jan 3, 2011 2:52 PM in response to stereocourier

I've joined the club. Got an email today saying my credit card info had changed (looked and it was just deleted) and the balance of my gift card (about 10$) had been used to purchase a maobin app. Just emailed customer service and reset all pw's. No address change or any other changes to account noted. Funny thing is the app in question says the purchase occurred on today's date at 11pm, but got the email around noon today.

Jan 10, 2011 2:59 AM in response to stereocourier

Me too - I did not receive an email from Apple as no account changes were made - but 4 x £30 gift cards were purchased using my account and have now been debited from my account!
I have used iTunes linked with a bank card for years and I am now unsure whether I want to use it again!
HOW IS THIS HAPPENING TO SO MANY PEOPLE?? APPLE SECURITY!! :/
Will Apple reimburse this?

Jan 11, 2011 2:24 PM in response to Mike Johnson12

I experienced the same unauthorized app purchases depleting entire gift card balance. Received an iTunes confirmation email detailing these purchases and immediately sent query to iTunes customer service advising them of theft. Customer Service replied advising me they would credit my account back this one time only suggesting that I made 'accidental' purchases of the seven apps I've never heard of (I don't use apps, have no app device, never order anything but music, was working alone at home on computer at time of purchase).

They also included instruction for how to change my account password and re-enable my account which I did but provided no confirmation of any security breach to my account which I found disturbing. A bit of further research online pulled up recent news about an ongoing situation involving the hacking and distribution of thousands of iTunes store account passwords in China in the past months.

Not satisfied with the iTunes CS response, I've written back demanding a credible answer from Apple iTunes management with info specifying the computer IP address from where purchases were initiated as well as how they plan to address this type of security issue in the future. Until I receive an explanation from Apple I will not refill my iTunes balance and advise everyone I know to disable any credit card info connected with their site. I suggest everyone else do the same. And write back demanding a public explanation from Apple.

Jan 11, 2011 2:57 PM in response to martian.mermaid

yup, same response, pretty much, that i recvd from iTunes CS.

if you find any more info on this problem, pls post for all of us!

imho: when emailing CS, it seemed as if i was not talking to apple (but really talking to the fraud makers). questions went unanswered. i recvd the wrong credit amount the first time, then they disabled my account. unusual, as i generally get good service from them.
brad

Jan 13, 2011 12:32 PM in response to brad p

Another me too - I have never clicked any phishing mails (never received any) and very careful on links I click. So my password can only have been acquired through iTunes somehow.

9x 10pound gift certificates that I only know came off my account as I received a receipt today for one of them. Spoke to bank/cancelled card - apparently transactions not come off account yet - unsure yet whether they will go through. First thing I did was delink my card and change password on iTunes. They clearly had my password as it shows up on the transactions.

Contacted iTunes - awaiting a reply. Bank are sending me transaction dispute forms also in case. Apparently they picked up the transactions yesterday and have already sent a letter out to me to query them - they blocked any further transactions beyond 9 by default.

Not awaiting for transactions to either go through - and go through the process of claiming back or not going through because card cancelled before their authorization. Either way as far as I am concerned the password was acquired through iTunes nowhere else.

Jan 27, 2011 8:59 AM in response to Tsac77

i'm from thurmont, and my account was hacked at 2:32 in the morning and then was debited at 2:33 in the morning. they purchased $10 worth of apps and removed my credit card from the itunes account. luckily, i called my credit card company and froze the account. the author of the apps was named "gao jing". don't download anything from this guy. i didn't even download the apps but they ended up on my computer. apple better refund my money because i am upset really about it!

Jan 30, 2011 2:54 PM in response to stereocourier

how many of you have contacted apple about the fraud?

how many of you have recvd responses from apple that appear strange, as if they replied as if they were reading a different person's email. not really answering your questions, saying unrelated things that don't pertain to your questions, refunding the wrong amounts etc...?
almost like you were talking with the hacker at some points.

Feb 1, 2011 3:22 PM in response to brad p

I contacted Apple and they refunded my charges. I also questioned them about the possibility of an App that may be the cause of this hack. All I got was a comment about how to protect my account and password security, blah blah blah. Oh and maybe contact the developer or look for support from the developer of the App. OK. So first, I have no idea which App is doing it. Second, like they are gonna help me. And third, I can change my password all day long, but if it's being stolen by something on the iPod, it's just gonna steal it again. So the only way to be safe is to have 0 apps and have a $400 music player. Yay!!!!
