Q: iTunes store account hacked

umm there is a way to remove the gift card for a while and put it back on? probably not eh?

I wouldn't have thought so...

I am officially done with Apple and iTunes.

Furthermore, I will advise each of my clients to never trust Apple or their iCloud with any sensitive data.

Apple clearly has a major security breach and is either in denial or is purposely covering it up to maximize profit. Either way, I'm done with Apple. Apple cannot be trusted.

Yeah, it's seems to be a problem with In-app security, focused on games.

Looks like the thought police have been deleting your posts again!

At least we know "they" have been reading our posts I guess....

PatrickGSR94 wrote:

 

Just noticed that iTunes 10.6 is out, wonder if there have been any changes to help combat this widespread issue?

 

On another note, iTunes Terms and Conditions were updated in the last 24 hours.  I know this part below didn't change, but I just happened to read it this morning:

 

 

iTunes Terms and Conditions

 

As a registered user of the iTunes Service, you may establish an account ("Account"). Don’t reveal your Account information to anyone else. You are solely responsible for maintaining the confidentiality and security of your Account and for all activities that occur on or through your Account, and you agree to immediately notify Apple of any security breach of your Account. Apple shall not be responsible for any losses arising out of the unauthorized use of your Account.

 

Emphasis mine.  Really makes you feel great about Apple doesn't it? /sarcasm

It's amazing how they assume it'll always be our fault. Like noone will get into Apple's database and steal account e-mails and passwords. No, no, you're right Apple, you'd never get hacked. Nobody will beat you!

Apple really needs to get off of their high horse and actually care about their customers. It ***** when you love a company's product, but realize how rotton they can be when you need their help.

Seconded.

aircool wrote:

 

Apple "catch-all" statement,

 

Interestingly enough I have just been informed by Apple that my previous post has been removed see below:

 

Apple removed your post titled, "Re: iTunes store account hacked," because it contained the following:

 

 

Rude or inappropriate language

Non-constructive rants or complaints

 

Isn't it such a shame that they are not on the ball when it comes to theft and fraud perpetrated through their system.

 

I think that after being ripped off and patronised by standard lip-service replies I am entitled to my opinion.

 

Wonder how long this will stay...

Yeah. This morning I was hacked for $74 from my account. All for in-app purchases for some stupid WoW rip-off called "Kingdoms of War".

I get the general impression, our accounts simply aren't safe - through no fault of our own

I woke up this morning to find my £25 voucher chipped away to a measely £3.66.

文明复 from Hangzhou MR.GLEE Tech. co., Ltd and associated in-app purchases was my 'download'.

How Apple can have the gall to rid themselves of responsibility of unauthorised account use is beyond me!  Just as well they don't have my credit card details - doing a quick google I found stories of people being hundreds of dollars out of pocket

The last several posts have mentioned thinking there may be a connection with gift cards.  Maybe it increases your risk or something, but I had no gift cards...never have.  Yes, I purchase apps fairly often, usually FREE ones.  I've now been hit for about $40 through PayPal.  If it isn't safe to use iTunes, how am I supposed to make the most of my iPhone?

I spent about 30-45 minutes this morning dancing in circles with Apple's website.  I just wanted to know where else I should check for fraud.  Bank account looks fine.  Is all the info on my phone in someone else's hands?  I don't know that I have anything valuable there, but it feels creepy.

For those of you better at piecing this problem together, here's a little extra info.  Yesterday, I received an email completely in Chinese.  I laughed it off as the ultimate in junk mail.  Just after I had gone to sleep, my phone woke me up with a message on the screen about allowing apps to be loaded automatically.  In my sleepy stupor, it sounded like convenience thing.  I hit okay and went back to sleep.  Had I been awake, I think I would have looked into better.  This morning I awoke to these iTunes app purchases.  The first ones were free followed by an in-app purchase.  I haven't looked closely at the rest.

I've already changed all passwords and security questions for AppleID and PayPal, and I've submitted the disputes for the two transactions on PayPal.  Is there more I should do?

This happened to me today.

Got an email saying an device not authorised has purchased an app, KingdomConquest. Total ripped out of my account (which was added 1 week ago via a gift card) £16.96.

Having a mare trying to get through to Apple support, finally got an email back saying the purchase was made on my iPad.

That snippet of info doesn't fit in with the email about it being from an unauthorised device.

Currently Apple are saying it must be me, or someone with access to my iPad.  The purchase was made at 2 minutes past midnight this morning.

I was asleep in bed, my wife was asleep in bed, our kids have left home.  That only leaves the dog - he's sleeping in the garden tonight to make sure he doesn't play with my iPad again!!

Seriously though, how do you get Apple to give you your money back? And how to I see what devices are autorised on my account? I've tried "deauthorising all" but it says you can only do this once per year and I need to wait until April 2012 to do it again.

Love Apple products, but their security is a cause for concern.

The "Deauthorize All" function refers to COMPUTERS authorized to play purchased music and movies.  You can have up to 5 authorized computers.  A single account can have up to 10 authorized devices, 5 of which can be computers.  To play purchased content in iTunes on a computer, you first have to authorize it.  Deauthorize All removes that authorization from any computers that have been authorized by your account.

Unfortunately there is no such authorization associated with phones or other mobile devices.  If someone has your ID and password, they can purchase, download, and play purchased content from your account on that device.  And as such, there is also no way to deauthorize such mobile devices.  Your only recourse is to change your account password and security question.

Just found this on HowardForums, apparently there were several articles about this issue when it first started happening mid-2010:

http://www.howardforums.com/showthread.php/1657363-Itunes-app-store-accounts-hac ked-and-purchases-made-over-600

http://mashable.com/2010/07/04/itunes-accounts-hacked/

http://thenextweb.com/apple/2010/07/04/app-store-hacked/

http://thenextweb.com/apple/2010/07/04/appstore-hack-itunes/

http://www.pcworld.com/article/200492/apple_app_store_and_itunes_accounts_hacked _say_reports.html

Apparently Apple also released a statement about that occurence in 2010: http://www.engadget.com/2010/07/06/apple-responds-on-itunes-fraud-vaguely-confir ms-said-fraud/