This is just an idea of what may be happening.
Somebody is following IRC channels (or any place that sends unencrypted passswords) through a bot, so to gather usernsmes/passwords. These are then tested in the iTunes Store, by a bot or a software. If one u+p combo actually works (= a successful login), then the hacker is warned, so he/she can enter an account, change it and purchase anything.
Such behaviour may be used to gain a top ranking position, or just to get extra credits in some dumb games.
I do not use any IRC, never seen my Apple ID hacked.
The exact same thing happened to me on the 18th February. The purchase says it was only one £13.99 in app purchase, as well as a 'free' purchase of the app, yet the e-mail I have says it was two seperate £13.99 in app purchases. I'm now left with 67p in my account, after previously having ~£28. Luckily I don't have my credit card details on there, so they drained a gift card.
I'm at a complete loss of what to do, I can't seem to find any contact details for apple that could resolve the situation, I reported the problem but heard nothing and it took them 2 days to send an e-mail out saying I could change my password. Dire.
I have also had $50.00 in my account. When'd to add another $50.00 iTunes card and found that only $4.82 was left! I had not made any purchases since I added the funds to my account. On further investigation, I found that some Artist by the name of Lakoo charged my account ( 1 free App. and 2 Apps of $19.99 etch plus $5.20 for tax!!!) the company name is or game is GAMEISLIVE CORPORATION, the rest of the information I can not make out. It looks like Chinese words and numbers. I have since then changed my password And maybe should change my ID also. This has happened to too many Apple iTunes customers, Apple must look into using tougher security soon or they may find people will stop using their services.
Wilf E Vanderheide, email@example.com
Intell, Win. 7, Panda GP
Around 2:30 a.m I received two emails from Apple that said I had purchased 江湖行2 from Apple Store. My credit went from $100 to $0.02. I immediately reset my password and thought my laptop was keylogged or being infected. However, I did some futher research and found out that several people are going through the same problem. I guess this is apple's fault.
I have stopped all transactions with Apple/Itunes until this thread stops suggesting the problem is solved, all the time the emails pour in listing another theft I'll spend my money elsewhere. Suggest everybody does the same.
We (my family) enrolled with Itunes for fun and enjoyment, but this constant hacking leaves a sour taste, I'm not sure that I will return even if the theft stops, it is the complacency on the part of Apple that make me most angry.
Apple too big to care...
I redeemed a $25 gift card Thursday evening, purchased a $1.99 fitness app that was suggested by members of a running/fitness forum last night, and then this morning found just over $1 left after getting an e-mail that a purchased had been made from a device not previously associated with my account. Also my CC had been removed from my account.
I have changed my password, deauthorized all computers and reauthorized only 2 (home PC and work), and contacted Apple about it. Now awaiting response e-mail.
This was the Galaxy Empire app with a $19.99 in-app purchase. Never even heard of this before.
Could any of this have any connection to this MyFitnessPal app I just downloaded?
We have just been hit by this, a £0 transaction to buy the app then 2 x £5.99 in app purchases.
It is atrocious that this has been going on so long.
My 10 year old son's Christmas gift money has now gone. I got a warning from Apple that an unauthorised device had accessed my account. Why does iTunes even ALLOW unauthorised devices to access accounts.
Sorry to shout but WHY ARE THERE NO RESPONSES FROM APPLE ON THIS? SORT IT OUT!
Yes Patrick!!!! My hacking incident was several months ago and I posted in here. My hacking incident was a lot like yours. I had just downloaded and installed MyFitnessPal for Ipod Touch a day or two before my hacking incident. Because of that, I believe what some people said then...that there may be some rogue apps that feed your password to the hackers.
The hackers changed my credit card number to a credit card I didn't possess; changed my address to an address in another state that I never heard of; and changed my name to MY PASSWORD!!!!!!!!!! I am very careful with passwords and don't think I fell for a phishing email. I think it was the MyFitnessPal app.
One difference between my incident and yours was that the hackers in my case bought a $50 Itunes gift certificate instead of an in-app purchase. I've seen some people on here state that they think the whole thing is an in-app purchase problem (or however you phrase that) but mine was not. It was, again, a day or two after purchasing MyFitnessPal.
Edit: At that time, some people were saying that the phony credit card they changed my credit card to was probably a stolen credit card number. Some speculated that this is a way for hackers to monetize stolen credit card numbers, because companies wouldn't ship actual merchandise overseas or something like that.
Yeah I just looked at the reviews on MyFitnessPal - in 300 reviews there was nothing but 4 and 5 star reviews. Come on, no app has ZERO negative reviews on it. Those have to be fraudulent reviews. I wanted to review it myself to warn others, but am afraid of putting my password in just to leave a review for it.
Just to be clear . .
My hacking reported earlier had nothing to do with this Fitness App
I don't want anyone to draw the false conclusion that this only happens from MyFitnessPal !!
I am a computer programmer with a very high awareness of what phishing is, and I had only used the logon/password that was hacked on iTunes UK !!
It is my firm belief that the vulnerability in my instance was on the Apple servers !
I think there are a lot of people in the same boat.
Apple were in denial alluding that I was a victim of phishing, or that I use the same logon/password between online accounts, or that I told someone my password.
This is just not acceptable and they should investigate things seriously !!! UNHAPPY !!!
I think you will find this post (that Apple quickly removed) interesting:
I have talked to the Chinese hackers as they are called and after 3 months of being nice with everyday chit chat. They have now sold me their program and taught me how to use it. Now keep in mind I'm not a programmer but this is what I do to make the program give me access to anyone's apple account and thus their cash.
I start the program, called apple hack, in Chinese. I then enter emails into the .txt files. I then start the program to search mode. After about 1-2 hours I get feed back from the program. It only gives me data if those with money on their accounts. With the data I get their apple id and password. Once I have that information, I go into their iTunes account. Change their payment method to none, cause of the request for a pin code to their credit cards. Once u have done that, i I find the game that requires in game purchases. Download the game, buy the points quickly, and then move onto the next account.
Now I can only say this program seems to use a back door to iTunes, how else can it send passwords back to me right? A brute force hack into their servers......"