Q: iTunes store account hacked

My account was also hacked this weekend.

6 seperate charges:

4 for $43.99

1 for $10.97

1 for $11.96

Logging into my Apple ID account I noticed that my payment method changed to a secondary credit card that Apple had on file but I had never assigned it to my Apple ID as a primary payment account.

My guess, Apple's servers may have been compromised. 

The primary iTunes payment account information stolen then removed from my Apple ID account.

Tip: Use a credit card instead of a debit card. Fraudulent charges on debit cards are immediately charged against the account balance.

My account was just hacked a couple of weeks ago.  Some Chinese writing Hangzhou Mr. Glee for $19.99 twice!

My account was hacked and infromation was changed bought a bunch of wierd apps.  I didn't lose too much, but I am going public to CNET about the issue, since apple says they are dedicated to privacy and security, evidentally there are still loop holes and issues.

I couldn't even access my acount at all after being hacked.  I don't understand why they need all our personal information anyways to start with for free apps.  And if we use itune cards they should change their whole process.  If it isn't changed, I will sell all my devices and go to android, because it's ridiculous how apple is limiting customers and U.S. Citizens from the option of freedom to choose. 

I wonder is Apple's new message, "Our way or the highway!", because that would be really sad.

Just had my account suspended for the third time due to it being hacked again. This is getting ridiculous. I have made complex passwords each time. I only ever use my apple ID on my iPad or iPhone. I don't trust Apple at all anymore and only ever put money on the account when I know I will actually use it there and then. Apples security is just too untrustworthy to leave money in the account. The worst part is they don't even acknowledge the problem is with their security.

I've finally got my money refunded to my account.  Apple are still not admitting they have an issue and insist it was an "erroneous" purchase on one of my devices (they can't make their mind up which one, one minute it's my iPad, the next it's my iPod which I don't even own).

I find it ludicrous that Apple are not admitting they have an issue, but keep blaming their own customers - they're biting the very hands that feed them!

If this is truly an Apple Support forum, then for God's sake Apple, LISTEN TO YOUR CUSTOMERS. If a hundred people tell you you're dead, lie down.  This problem is your problem, not ours.

If it wasn't for the fact that every "i" device is so god **** sexy, I'd be running an Ice Cream Sandwich on a Samsung box by now, perish the thought!

It would be interesting to see if Apple would respond to a Freedom Of Information Request on this issue ........

Some information from 

www.channelnewasia.com.

SINGAPORE: Credit card customers in Singapore have reported suspicious transactions charged to them through iTunes, an online Apple application store.

Their fear is that someone had hacked into their iTunes account, or that their credit card information had been compromised.

Some of these transactions can be traced to places such as China and Luxembourg.

At least six customers told Channel NewsAsia that they've been affected.

One reported unauthorised transactions of up to S$7,000.

Customers of several banks, including DBS, UOB, Standard Chartered and Citibank, reported similar experiences.

One of those affected is Ms Ong, who said she had not used her iTunes account for two years. Her credit card bill dated February showed that she had spent S$266 for two transactions.

"When I called the credit card company and asked whether there are similar case ongoing, they couldn't quite give me an answer. They actually mentioned that they can terminate my card and issue me a new card. At the same time, they can conduct an investigation but it will take 60 days. So, in the meantime I don't really need to make payment for these two unauthorised transactions, but I have to wait till 60 days later for the report to be out," said Ms Ong, a customer of Standard Chartered Bank.

Ms Ong added: "If they found out it's an unauthorised transaction, then of course they will waive the charges. But let's say, if Apple is unwilling to acknowledge this and insists on billing the customers, then the credit card company will have no choice but to bill me the sum, which I'm quite concerned with because according (on) a lot of online forums, I read that according to the US and UK customers, they're actually charged for the amount because Apple company just refused to acknowledge this unauthorised transaction."

One security expert explains how one's iTunes account may have been hacked.

Ngair Teow Hin, chairman, Security & Governance Chapter, Singapore Infocomm Technology Federation, said: "If I want to steal some goods and things with value, I would go for iTunes. If I want to use someone's credit card numbers or someone's account to purchase something so that I can use them, so I can benefit from them.

"If I go to Amazon and buy a book or buy a music CD, I need an address. The goods has to be delivered to me and it makes it a lot easier for the Police, the investigator to find out who I am, where I am and catch me.

"If I want to avoid detection, I will use iTunes to purchase things like music, applications and so on. I only need Internet access, I can be anywhere.

"For people who have their iTunes account being hacked, the usual case is you receive an email that seems like it's coming from Apple.com. You click on a web link and they ask you for your Apple ID and you happily type in your Apple ID and the Apple ID (goes) to the hackers and now they can use your Apple ID to log into your account and purchase anything they want."

One of the affected banks, UOB, has investigated the unauthorised transactions and has reimbursed the full amount to its customers.

Others like DBS Bank and Standard Chartered Bank, advised customers to opt for SMS alerts for all their credit card transactions as an additional defence against fraud.

UOB has urged customers to check their credit card statements for any unauthorised charges.

For safer shopping online, it urged consumers to transact with merchants who have robust security measures in place.

DBS Bank said it has adopted a multi-layered approach to safeguard cardholders from potential credit card fraud.

It sends SMS alerts for credit card transactions above certain pre-set threshold amounts, as well as for first time card usage.

Other than monitoring credit card transactions in real time for unusual or suspicious transactions, DBS sends a one-time password to the mobile phone of the customer who makes online purchases at merchant sites that adopt the 3-Domain Secure protocols by Amex, VISA and MasterCard to authenticate online card transactions.

DBS said cardholders should remain vigilant against card fraud, especially as more turn to shopping online.

Customers should ensure that they're making the purchases from a reputable online store with secured transaction capabilities.

Standard Chartered Bank said it has a security system for Internet transactions called 3D Secure. It also has a dedicated team that monitors and identifies any suspicious transactions on a 24/7 basis for credit card transactions.

Hi,

In view of the iTunes hacked account, I noticed two suspicious transactions of a similar amount.  I am sure I did not make such purchases.

06 Feb 2012            APPLE ITUNES STORE USD LUXEMBOURG LUX USD11.98            S$15.29 

28 Feb 2012            APPLE ITUNES STORE USD LUXEMBOURG LUX USD11.97            S$15.34

I also got hacked Around £20 of credit used up, on -KingdomConquest- in-app purchases.

Fearless Bandit wrote:

 

My account was hacked and infromation was changed bought a bunch of wierd apps.  I didn't lose too much, but I am going public to CNET about the issue, since apple says they are dedicated to privacy and security, evidentally there are still loop holes and issues.

 

I couldn't even access my acount at all after being hacked.  I don't understand why they need all our personal information anyways to start with for free apps.  And if we use itune cards they should change their whole process.  If it isn't changed, I will sell all my devices and go to android, because it's ridiculous how apple is limiting customers and U.S. Citizens from the option of freedom to choose. 

 

I wonder is Apple's new message, "Our way or the highway!", because that would be really sad.

CNET has already published an article on their site about this, just about 1 month ago, although I think the number of reports in this thread has jumped greatly in the past month.

http://reviews.cnet.com/8301-19512_7-57374384-233/itunes-customers-reportedly-un der-threat-from-digital-thieves/?tag=mncol;1n

More from Singapore, www.channelnewsasia.com

SINGAPORE: More credit card customers in Singapore have reported unauthorised transactions charged to them on the App Store on iTunes.

This follows Channel NewsAsia's exclusive story on March 12 about such cases.

In the latest case, a Citibank customer who only wants to be known as Ms Toh, said she had 17 unauthorised transactions amounting to S$1,700.

Her bill indicates the deductions were made in Luxembourg over a month last November.

She said the bank told her in December it would need 60 days to investigate the case. Two months later, the bank informed her it needed another two months to investigate.

She said as a result of the investigations, the bank did not cancel the card and she did not have to pay for the deductions.

Ms Toh made a police report last December.

Citibank said it is investigating the matter and is providing assistance to customers who have called them.

Another affected bank, Standard Chartered, said customers will be fully compensated if investigations show there is a genuine case of fraud.

- CNA/fa

Same thing happened to me.  This receipt was sent to my email. I immediately changed my password.  I also noticed that my Apple ID changed to this: 117410uyutyfftr9@lvvl.info.

Magic Eye Color Effect, v3.2 (4+)	Loveyouchen	App	$1.99
Plump&Skinny Booth, v1.8 (9+)	Black\Matrix	App	$1.99
Color Splash, v1.7.2 (4+)	Pocket Pixels Inc.	App	$0.99

Thankfully it wasn't too much money, but a refund would be much appreciated.

I also had my account hacked today. I hadn't logged on for years and so I was surprised to see two emails from PayPal telling me that I had made recent purchases via the iTunes store. While I was trying to figure out what was going on, a third purchase came in.

I have already changed my password and have removed all funding sources from my account. I've also disputed the charges with PayPal and have sent an email to Apple customer service about it.

I'm really dissapointed to see that so many people have been affected by hackers and nothing seems to have been done. This is the first time I've ever been hacked and it ***** big time. I wasn't much of an iTunes consumer to start with and now, with what has happened, I doubt I'll ever be again.

My account was hacked as well! They bought the same game as yours too, the "宠物猎人 " I lost $25. I hope they can stop this one day!

Sigh I went to sleep thinking everything had been resolved. I checked my bank account and noticed the unauthorized charges weren't there. So, I thought everything had worked itself.

I wake up and see that iTunes has finally sent invoices for the unauthorized purchases and they have also been charged to my bank account. In the response from the iTunes Store Customer Support team, I was told that PayPal had initiated a refund for the first two unauthorized orders and that they had reversed charges on the third. I understand that it might take me a while to get a refund back, but I hoped it wouldn't.

What they bought, in case it helps anyone else. They were all gifted to variations of 'ddddddddddd'.

Again, I hadn't logged onto my account in years. I had only made music purchases before. I don't have an iPad or anything that might need apps from them. I don't understand how this happened. Now, I will have to think hard about all the other places I have abandoned and try to remember if they have billing information that might come back and bite me in the ***.

In conspiracy theory land, a week ago I recived an email in Chinese from KKBOX. I didn't think much about it and sent it to my trash bin. Today I went back and looked at it and it was an account registration confirmation email for the email address I had used for my iTunes account. It may not be anything, but it's a bit suspicious.

Message was edited by: margaritafromca to include all unauthorized purchases

Finally - some exposure of this situation in the times:

http://www.nytimes.com/2012/03/16/technology/pressure-on-apple-builds-over-app-s tore-fraud.html?_r=1&hp