stereocourier

Q: iTunes store account hacked

I'm posting this just to share my story and get reactions. It's a little detailed but I thought worth sharing.

On November 23, 2010 I purchased a single song from the iTunes store for .99. I used store credit that I had from a gift card I received last year. It was the first purchase I had made since July 2010.

On November 25, 2010 I received a receipt for 2 more separate orders to my account. These were for over $50 in iPhone apps. Here's a sampling of some of the purchases:

1 eREAD isoshu, v1.5, Seller: ChengDu YueTong Internet Information Co. Ltd (17+)
2 Plants vs. Zombies, v1.3, Seller: PopCap Games, Inc. (iDP)
3 Monkey Island 2 Special Edition: LeChuck's Revenge, v1.1, Seller: Lucasfilm International Services Inc.
4 Asphalt 5, v1.2.6, Seller: Gameloft (9+)
5 Let's Golf!® 2, v1.0.1, Seller: Gameloft (4+)
6 Frames & FX for Photos, v2.5.1, Seller: Imikimi, LLC (12+)
7 Stenches: A Zombie Tale of Trenches, v1.0.1, Seller: Thunder Game Works (9+)

I do not have a credit card linked to my account, so these were made using my store credit.

I have only 1 computer authorized for my account (my personal home computer). I live alone and no one else touches my Powerbook but me. I also DO NOT own an iPhone, so I would have no interest in apps.

After I saw these bizarre purchases, I checked my account. I noticed 2 strange things: My account information had changed: My street address was correct, but city, state and zip had changed to: Towson, MD 21286-7840. I have never lived in Maryland. Also, I noticed that my password recovery answer had changed to "Murray" in response to a question about my mother's maiden name. That's decidedly NOT my mother's maiden name. Also, my birthdate had changed to an incorrect month and day.

I immediately changed my password and my recovery question/answer challenge.

I reported problems on all of these purchases and also contacted iTunes Account Support by e-mail.

Within 24 hours I received an e-mail from "Vicki" at iTunes Customer Support. She wrote:

"When reviewing over your account "name@domain.net" and the two reported orders, it shows that the content purchased within them was acquired from the computer that is currently authorized for your iTunes account. So I strongly advise that you do consult with those in your household regarding the purchases made, and the charges that resulted from those purchases."

Further:

"I have gone and reversed the charges for the two orders....You will see a store credit in three to five business days....Please note that this is a one-time exception, as the iTunes Store Terms and Conditions state that all sales are final."

I am pleased that Apple is refunding my store credit and replied so quickly.

However, it is simply impossible that these purchases were made from my computer. Again, my Powerbook is the only computer I have ever authorized to access my account, and I am the only person with access to it.

I am not sure how this happened. Any thoughts or similar experiences?

Powerbook G4, Mac OS X (10.5.8)

Posted on Nov 28, 2010 3:45 PM

  • by bshreffler,

    bshreffler Mar 6, 2012 2:55 PM in response to stereocourier
    Level 1 (0 points)

    Update, having waited 9 days for another response from the person who had contacted me previously via that route, I grab a human through the "chat" option. My ID is finally re-enabled and my credit amount is restored. The human I talked to was courteous and did quickly resolve the issue, however there wasn't much in the way of reassuring information regarding what Apple was doing about this problem. Nor was there a history of my interaction with the first person who was working on this case...the one who had restored my funds but then just dropped the whole matter leaving my ID locked. Kind of screwy there.

    Now I need to consider my next steps carefully. I don't want to put financial information in iTunes. Pre-paid card? Blegh!!

  • by jake2034,

    jake2034 Mar 6, 2012 3:38 PM in response to stereocourier
    Level 1 (0 points)

    Yup, looks like there's been a spike in account phishing on iTunes. It happened to me today. There were two charges of $40 and $30 on the free app "Haypi Dragon". Reason I found was I got an e-mail from Apple saying an app and in-app purchase was made on another device.

    I contacted iTunes through e-mail, told them the purchase number, and said someone used my information to purchase this. They said they'd make an exception in my case, to the "no refund" policy. They said they'd locked the account, asked if I'd want it re-activated (of course, yes), and manually reset my password, but didn't tell me the password they set (for security reasons). All informed me to reset my password, and change the security question.

    The refund came promptly (through my PayPal account I use for billing). The charges didn't even touch my bank account. And now with my new password, I'm back up and running. So, I'm not too frustrated. Just hope Apple tightens security.

    iTunes hasn't been "hacked" per se. Just account information has been phished. The infrastructure of iTunes and Apple hasn't been tampered with. That's my theory at least. Because when this happened the last time, Apple denied being "hacked".

  • by MadScientistZ,

    MadScientistZ Mar 6, 2012 3:44 PM in response to jake2034
    Level 1 (0 points)

    I believe that you are wrong about this. I believe that Apple iTunes' servers HAVE been hacked. I believe that a program called 'Apple Hack' which is available in China was used to brute force our passwords.

    The real question is: how does 'Apple Hack' get into Apple's servers and why doesn't Apple boot the program after numerous incorrect attempts to 'guess' the password.

    In my case, and in numerous cases cited here, it was impossible to 'phish' my password.

  • by Carlo TD,

    Carlo TD Mar 6, 2012 3:46 PM in response to MadScientistZ
    Level 3 (558 points)

    Are you able to replicate what you believe... if not it is only speculation.

  • by MadScientistZ,

    MadScientistZ Mar 6, 2012 3:50 PM in response to Carlo TD
    Level 1 (0 points)

    I have a doctorate in computer science and am a consultant for government agencies.

    It is my professional opinion that the problem is at Apple's end and the iTunes hacks are not due to 'phishing' attacks on the user side.

  • by jake2034,

    jake2034 Mar 6, 2012 3:54 PM in response to MadScientistZ
    Level 1 (0 points)

    Well, I'll admit, I'm not the smartest at this. I guess what I meant was people drew information out of Apple's database, instead of messing with their products to force purchases automatically.

  • by Carlo TD,

    Carlo TD Mar 6, 2012 3:56 PM in response to MadScientistZ
    Level 3 (558 points)

    well... i might not be as smart as you... but just because you have a doctorate... some of the brightest people... are well... could always learn something. What country do you have your doctorate in?

  • by L.Robinson,

    L.Robinson Mar 6, 2012 8:00 PM in response to jake2034
    Level 1 (0 points)

    The exact same thing happened to me today. I am on vacation, and I thought someone had broken into my house and was using my iTunes and my computer. I have already logged into PayPal and disputed the charges. One of the charges was for the app in the app store, the other purchase was an in-app purchase I believe. It was an iTunes item anyway. I have been replaying the last few days in my mind to see if I used any shady wifi sites or anything. It seems so obvious that whoever wrote this app is basically trying to steal our money, and or funnel our money. There was one thing which was strange to me, the other day I was using eBay on my mobile phone and I noticed that the site was no longer secure sign-in. It was the mobile site. I tried my password three times and nothing happened. I went back through to eBay, and then was redirected to the mobile site. It seemed like the mobile site was secure, but then after I entered my password it just basically refreshed the login screen. If anyone from Apple is reading this, that is the only thing I can think of that might have been compromised.

  • by bigalba,

    bigalba Mar 7, 2012 12:21 AM in response to stereocourier
    Level 1 (0 points)

    An update to my own original complaint to thank Apple for refunding my lost credit within 24 hours of reporting it.

  • by MadScientistZ,

    MadScientistZ Mar 7, 2012 4:56 AM in response to Carlo TD
    Level 1 (0 points)

    I received my doctorate in computer science from a major U.S. university (Big 10).

    I don't store passwords on my computer. And I have never given passwords out to anybody who sent me an email or called me on the phone. Consequently, I can deduce that the security breach on iTunes was not at my end. Indeed, if anybody broke in to my office and stole passwords the least important password would be for my iTunes account.

    This breach of password security could only occur at Apple's end.

  • by Carlo TD,

    Carlo TD Mar 7, 2012 5:41 AM in response to MadScientistZ
    Level 3 (558 points)

    I am sure the engineers at Apple hold many doctorates, including that in Networking, networking security, server administration, various computer programming languages, design, computer science as well as in business, physics, math, and even humanities. I am also sure that they have people of All age levels, with unique specialties, and of various ethnicities. It is not a matter of storing passwords on the computer, passwords are stored on the computer, regardless of if we leave the little check mark in the "remember in key chain" or not. You don't have to give passwords out. Software engineers have devised something called bots that let them try passwords at random, hence many times you have to enter a CAPTCHA to prove you're a human. They even have password dongles (by the way I think is really cool - and I am not a bad guy)

    http://www.engadget.com/2012/03/05/diy-password-dongle-logs-you-in-saves-you-from-rsi/

    There are even sites that teach others about what hackers do (hak5) and they have shown various videos, for example,

    http://www.youtube.com/watch?v=yr5upPHqhlA

    or

    http://www.youtube.com/watch?v=UrQgcmlz0FA

    or

    http://www.youtube.com/watch?v=GjOduug-SC8

    would you like me to show you more?

  • by the usernamekatyisalready taken,

    the usernamekatyisalready taken Mar 7, 2012 6:13 AM in response to Carlo TD
    Level 1 (0 points)

    Just been hacked too. Over £60 taken from a gift card credit. Look like Japanese apps. Have contacted Apple via Express Lane (oh why can't I just speak to a human being???). Hope I get my £60 back. Not happy.

  • by MadScientistZ,

    MadScientistZ Mar 7, 2012 8:17 AM in response to Carlo TD
    Level 1 (0 points)

    I don't use Mac computers (I stopped writing for the Macintosh when their market share dropped below 7% in the '90s). I don't store passwords on my computer. And, yes, there are some very talented people working for Apple (I know many of them).

    Here is the problem with Apple security and iTunes:

    1. Everybody on this list has reported the same thing: unauthorized charges on their iTunes account for apps downloaded to unauthorized devices. Why is Apple allowing this?
    2. When bots (like Apple Hack) repeatedly attempt to brute force a password the system SHOULD throw them out and lock down that account. Why isn't Apple doing this?
    3. Apple says that our account information is encrypted. I take them at their word. How then are our encrypted user IDs and passwords cracked? It is very time consuming to break standard 128 or 256 bit encryption. I think that somebody has Apple's encryption key.
  • by puddle62,

    puddle62 Mar 7, 2012 2:23 PM in response to caebrasil br
    Level 1 (0 points)

    My account has just been cleaned out also.

  • by Peewh,

    Peewh Mar 7, 2012 9:34 PM in response to lluke71
    Level 1 (0 points)

    My account got cleaned out too from seller koramgame.com for some Asian game. I had loaded a $50 gift card but luckily purchased a few albums before the fraud hit so it's only a $16 claim against me. When it says Billed to: Store Credit, does that mean that the money is still owed or that they purchased off my gift card?

    I've since taken my credit card off the account. I read somewhere else that someone got charged $5000 and wasn't able to claim any of it back.
