stereocourier

Q: iTunes store account hacked

I'm posting this just to share my story and get reactions. It's a little detailed but I thought worth sharing.

On November 23, 2010 I purchased a single song from the iTunes store for .99. I used store credit that I had from a gift card I received last year. It was the first purchase I had made since July 2010.

On November 25, 2010 I received a receipt for 2 more separate orders to my account. These were for over $50 in iPhone apps. Here's a sampling of some of the purchases:

1 eREAD isoshu, v1.5, Seller: ChengDu YueTong Internet Information Co. Ltd (17+)
2 Plants vs. Zombies, v1.3, Seller: PopCap Games, Inc. (iDP)
3 Monkey Island 2 Special Edition: LeChuck's Revenge, v1.1, Seller: Lucasfilm International Services Inc.
4 Asphalt 5, v1.2.6, Seller: Gameloft (9+)
5 Let's Golf!® 2, v1.0.1, Seller: Gameloft (4+)
6 Frames & FX for Photos, v2.5.1, Seller: Imikimi, LLC (12+)
7 Stenches: A Zombie Tale of Trenches, v1.0.1, Seller: Thunder Game Works (9+)

I do not have a credit card linked to my account, so these were made using my store credit.

I have only 1 computer authorized for my account (my personal home computer). I live alone and no one else touches my Powerbook but me. I also DO NOT own an iPhone, so I would have no interest in apps.

After I saw these bizarre purchases, I checked my account. I noticed 2 strange things: My account information had changed: My street address was correct, but city, state and zip had changed to: Towson, MD 21286-7840. I have never lived in Maryland. Also, I noticed that my password recovery answer had changed to "Murray" in response to a question about my mother's maiden name. That's decidedly NOT my mother's maiden name. Also, my birthdate had changed to an incorrect month and day.

I immediately changed my password and my recovery question/answer challenge.

I reported problems on all of these purchases and also contacted iTunes Account Support by e-mail.

Within 24 hours I received an e-mail from "Vicki" at iTunes Customer Support. She wrote:

"When reviewing over your account "name@domain.net" and the two reported orders, it shows that the content purchased within them was acquired from the computer that is currently authorized for your iTunes account. So I strongly advise that you do consult with those in your household regarding the purchases made, and the charges that resulted from those purchases."

Further:

"I have gone and reversed the charges for the two orders....You will see a store credit in three to five business days....Please note that this is a one-time exception, as the iTunes Store Terms and Conditions state that all sales are final."

I am pleased that Apple is refunding my store credit and replied so quickly.

However, it is simply impossible that these purchases were made from my computer. Again, my Powerbook is the only computer I have ever authorized to access my account, and I am the only person with access to it.

I am not sure how this happened. Any thoughts or similar experiences?

Powerbook G4, Mac OS X (10.5.8)

Posted on Nov 28, 2010 3:45 PM

  • by jhughescmoc,

    jhughescmoc Jan 6, 2012 7:47 PM in response to stereocourier

    Me too. I was hacked today for $79 by KingdomConquest. My iTunes payment method is now set to none and of course new password. I called customer service and had a refund while still on the phone. Kudos to Apple for the quick response. But will I be getting an iPad3? NFW. If the ecosystem is not secure, if my PayPal account can be accessed, it just isn't worth the risk. So far my kids' Kindle Fires are unhacked, but maybe the Android app store is next. This could be a real problem for the online purchasing paradigm in general. Take it seriously Apple. Maybe you guys have the talent to come up with a secure online buying system. Do what you do best. INNOVATE!

  • by MacAurora,

    MacAurora Jan 9, 2012 7:43 AM in response to jhughescmoc

    I was hacked today for almost $50 in Apple gift card money. First someone gained access to my account and "downloaded" the free Kingdom Conquest app at 2:45 a.m. when I was asleep, and then bought almost $50 worth of In App Purchases from SEGA Corporation. SEGA says I should complain to Apple and ask for a refund. Apple says it's not responsible for In App Purchases. I'm glad I did not have a PayPal or credit card linked to my account. Apple should do a better job helping those who think they've been hacked figure the problem out...

  • by Armandus,

    Armandus Jan 9, 2012 11:03 AM in response to stereocourier

    I've been hacked today on my iTunes account; a total of 371,89 euro was bought.

    They used it to buy Texas Poker with in-app buys and a gift card money of 50 euro...

    I disabled my click and buy account and changed my password. I've e-mailed Apple for a refund.

  • by Trudina1976,

    Trudina1976 Jan 10, 2012 5:31 AM in response to Armandus

    Hi...I hope someone can help me.... Today I received an email from Apple where I was told that someone bought music with my idapple on an unregistered mac or pc... I was told to change password. I did it. Now that I have a new password I entered on iTunes and... SURPRISE.... I had 69 Euro... I have 0,28 cent.... I checked the purchase chronology and discovered that yesterday a very kind man or woman bought 5 albums and other songs.... and now???? Is it possible to have my credit back? What can I do? I have already written to Apple....

    Please help me!

  • by Vincent_V,

    Vincent_V Jan 10, 2012 6:36 AM in response to stereocourier

    210 € charged for Haypi Kingdoms, hope Haypi and/or iTunes will refund me.

  • by macdad55,

    macdad55 Jan 10, 2012 9:00 PM in response to stereocourier

    I was hacked for $35 in Apple gift card money by Kingdom Conquest. I e-mailed Apple, and they are going to credit my account in 5-7 business days. It was in-app purchases by an unauthorized computer. Seems like Apple might consider email verification for purchases from unauthorized computers (duh). Also seems like Apple might consider removing an app from their store that is associated with so much fraud. My password was pretty weak, so I changed it, but I have to say I am getting worried about Apple's security.

  • by TheMadCoder,

    TheMadCoder Jan 11, 2012 5:22 PM in response to stereocourier

    This is all sounding familiar, and it seems like it might be simpler than we think.

    Here's how I think it's happening:

    1) Hacker logs into a game with weak security. These games tend to send username/account/password in the clear and via plain text. Order & Chaos Online is an example of such a game.

    2) By playing in proximity to other people, they easily "see" various usernames/account/passwords from other players (this does require a hack, but is simple and readily available online).

    3) Once the hackers have a username/account/password from the game, such as Order & Chaos Online, they attempt to use that account information for iTunes. In most cases it won't work, but in many it will.

    4) Once the hacker has a username/account/password, they log in and purchase in-app items in other games (or even the same games).

    Given my theory here, I don't use my email account (that's tied to my iTunes account) for ANY online game or experience with other players.

    I don't think the problem is iTunes, rather lax security in applications that require an email address to use, and lax security in users who choose the same username/password for iTunes and application logins.

    That's just my 2 cents.
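
The pattern in step 3 of the post above (credentials captured from one service replayed against another, failing for most accounts and succeeding for a few) is something a service operator can look for in its own login records. This is an added example, not part of the original post and not Apple's code; the event format, function names, thresholds and sample data are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample login events, not real data: (source_ip, username, success).
SAMPLE_EVENTS = [
    # One source tries six different accounts once each; two logins succeed.
    ("203.0.113.7", "alice@example.com", False),
    ("203.0.113.7", "bob@example.com", False),
    ("203.0.113.7", "carol@example.com", False),
    ("203.0.113.7", "dave@example.com", True),
    ("203.0.113.7", "erin@example.com", False),
    ("203.0.113.7", "frank@example.com", True),
    # An ordinary user mistypes a password, then gets in.
    ("198.51.100.20", "grace@example.com", False),
    ("198.51.100.20", "grace@example.com", True),
    # A household behind one address: several accounts, all succeed.
    ("192.0.2.50", "heidi@example.com", True),
    ("192.0.2.50", "ivan@example.com", True),
    ("192.0.2.50", "judy@example.com", True),
]


def flag_reuse_sources(events, min_accounts=5, max_success_ratio=0.5):
    """Flag sources that try many distinct accounts and fail on most of them.

    Returns {ip: {"tried": n, "succeeded": [usernames]}}. Thresholds are
    hypothetical and would need tuning against real traffic.
    """
    tried = defaultdict(set)
    succeeded = defaultdict(set)
    for ip, user, ok in events:
        tried[ip].add(user)
        if ok:
            succeeded[ip].add(user)
    flagged = {}
    for ip, users in tried.items():
        ratio = len(succeeded[ip]) / len(users)
        if len(users) >= min_accounts and ratio <= max_success_ratio:
            flagged[ip] = {"tried": len(users), "succeeded": sorted(succeeded[ip])}
    return flagged


def accounts_to_reset(events, **thresholds):
    """Accounts a flagged source logged in to: candidates for a forced reset."""
    hits = flag_reuse_sources(events, **thresholds)
    return sorted({u for info in hits.values() for u in info["succeeded"]})


if __name__ == "__main__":
    print(flag_reuse_sources(SAMPLE_EVENTS))
    print(accounts_to_reset(SAMPLE_EVENTS))
```

The accounts returned by `accounts_to_reset` are the ones where the replayed password worked, which is where a forced password reset and a hold on pending purchases would apply.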

  • by Vincent_V,

    Vincent_V Jan 11, 2012 10:04 PM in response to TheMadCoder

    I don't think so, in many cases people don't even have these games. In my case the game was purchased along with real purchases of mine. It seems as if somebody hacked into my account while I was using the App Store, and that's a security issue that Apple has. Of course the seller should also see if the account that gets the in-game purchase is the same one that pays for it. But they probably don't care as long as money flows in.

  • by pepsiloveshotdogs,

    pepsiloveshotdogs Jan 13, 2012 8:25 AM in response to macdad55

    I was also hacked with Kingdom Conquest. They purchased the game and in-app credits. My amounts were $49 and $46. My iTunes account was funded by PayPal which then pulled from my checking account. I caught it quick so I called PayPal and closed my checking account and the charges cannot go through. I am so very frustrated and disappointed with Apple and iTunes!

    I do not buy or play games like this, nor do I use the game center so my email address is not out there in any way.

    Apple really needs to get on top of this before they start losing customers...

  • by vebazzo,

    vebazzo Jan 15, 2012 1:05 AM in response to Armandus

    The same thing happened to me this morning: 100 Euros in Gift Cards, not related to any game. I have a question to all these people saying: "E-mail Apple". What e-mail? I only find the "Express Lane" in their page when looking for support for iTunes, and the "Express Lane" link is currently not working. How else can I contact Apple on this matter?

     

    Thank you all.

  • by LizNDale,

    LizNDale Jan 15, 2012 10:52 AM in response to stereocourier

    Count me in as well. $100 in 3 separate hits on this *&(&^%%$## Kingdom Conquest at 3:15, 3:17 and then again at noon today WHILE I was creating dispute with Paypal.

    And Vebazzo, I too had an awful time trying to figure out the email, it is itunesstoresupport@apple.com.

    I hope for a reply soon.

    In the meantime, I changed my password and changed my iTunes payment method to "none".

  • by atomb0215,

    atomb0215 Jan 15, 2012 1:04 PM in response to stereocourier

    What email address did you use to contact Apple? I have the same issue, and I cannot find an email address. I called the 1-800 number, and they said to email a response. I have spent an hour looking for it on the Apple support site!!

  • by LizNDale,

    LizNDale Jan 15, 2012 1:36 PM in response to atomb0215

    atomb0215, use itunesstoresupport@apple.com

    They have already refunded 2 of my 3 charges, which I incurred around 3:00 this morning.

    I agree, it is VERY difficult to find the email addresses.

  • by hypnoqueen,

    hypnoqueen Jan 16, 2012 8:16 AM in response to John Kranz

    That tip may not always work. I got hacked and charged for 3 purchases I did not make and so I changed my password, and removed payment options to "none" and I still got another charge a few days later. How can my account be charged when there is no payment option? The thief used the same credit card # that was no longer attached to my account.

  • by LizNDale,

    LizNDale Jan 16, 2012 8:40 AM in response to hypnoqueen

    holy cow.

     

    What the heck is going on? Apple and Sega know full well that this is an ongoing concern with Kingdom Conquest.

     

    1) Why do they continue to allow In App purchases for this game, in general?

    2) Why do they allow the specific In App purchases for this game when they knew the device is unauthorized? If they can send me a warning email, can't they block the purchases?

    3) Why do they pretend that I was a victim of ID theft, when they know something fishy is going on with Kingdom Conquest?

     

    And what of the Tech Media? Why are there many blogs and articles written about this in June of 2011, but utter silence since then?
