stereocourier

Q: iTunes store account hacked

I'm posting this just to share my story and get reactions. It's a little detailed but I thought worth sharing.

On November 23, 2010 I purchased a single song from the iTunes store for .99. I used store credit that I had from a gift card I received last year. It was the first purchase I had made since July 2010.

On November 25, 2010 I received a receipt for 2 more separate orders to my account. These were for over $50 in iPhone apps. Here's a sampling of some of the purchases:

1 eREAD isoshu, v1.5, Seller: ChengDu YueTong Internet Information Co. Ltd (17+)
2 Plants vs. Zombies, v1.3, Seller: PopCap Games, Inc. (iDP)
3 Monkey Island 2 Special Edition: LeChuck's Revenge, v1.1, Seller: Lucasfilm International Services Inc.
4 Asphalt 5, v1.2.6, Seller: Gameloft (9+)
5 Let's Golf!® 2, v1.0.1, Seller: Gameloft (4+)
6 Frames & FX for Photos, v2.5.1, Seller: Imikimi, LLC (12+)
7 Stenches: A Zombie Tale of Trenches, v1.0.1, Seller: Thunder Game Works (9+)

I do not have a credit card linked to my account, so these were made using my store credit.

I have only 1 computer authorized for my account (my personal home computer). I live alone and no one else touches my Powerbook but me. I also DO NOT own an iPhone, so I would have no interest in apps.

After I saw these bizarre purchases, I checked my account. I noticed 2 strange things: My account information had changed: My street address was correct, but city, state and zip had changed to: Towson, MD 21286-7840. I have never lived in Maryland. Also, I noticed that my password recovery answer had changed to "Murray" in response to a question about my mother's maiden name. That's decidedly NOT my mother's maiden name. Also, my birthdate had changed to an incorrect month and day.

I immediately changed my password and my recovery question/answer challenge.

I reported problems on all of these purchases and also contacted iTunes Account Support by e-mail.

Within 24 hours I received an e-mail from "Vicki" at iTunes Customer Support. She wrote:

"When reviewing over your account "name@domain.net" and the two reported orders, it shows that the content purchased within them was acquired from the computer that is currently authorized for your iTunes account. So I strongly advise that you do consult with those in your household regarding the purchases made, and the charges that resulted from those purchases."

Further:

"I have gone and reversed the charges for the two orders....You will see a store credit in three to five business days....Please note that this is a one-time exception, as the iTunes Store Terms and Conditions state that all sales are final."

I am pleased that Apple is refunding my store credit and replied so quickly.

However, it is simply impossible that these purchases were made from my computer. Again, my Powerbook is the only computer I have ever authorized to access my account, and I am the only person with access to it.

I am not sure how this happened. Any thoughts or similar experiences?

Powerbook G4, Mac OS X (10.5.8)

Posted on Nov 28, 2010 3:45 PM

  • by Stephen Stark,

    Stephen Stark Mar 16, 2012 4:06 AM in response to I've been hacked
    Level 1 (25 points)

    Fortunately, I (knocking feverishly on wood) have not had my account cracked, but someone sure has tried — multiple times. I've been locked out of my account several times because of someone trying to get in. But it's not just my .mac/.me/Apple/iTunes account. It's other accounts. Yesterday I got a password reset notice from the company that does the blood, etc. testing for my primary care doc. I did not request a password reset, but it makes you wonder about the safety of electronic health records.

    I wish that Apple would provide a way, as Google does for Gmail, to know where recent activity originates from. If you have a Gmail account, you can just go on the page and click on recent activity, and it will show you the IP addresses of devices that have accessed or tried to access your account. Much as I hate some of the things that Google does, it would seem to me that this should be standard. I don't suppose that it would be possible to just block IP addresses, because it could be a library or cafe computer, or it could be cloaked, but at least it would be helpful (?) to know where this stuff is coming from and who is doing it. For example, let's say you're a lawyer in a small firm that doesn't use email from a proprietary domain, but an ISP like Comcast or Verizon, or even .me. Someone getting access to your email could be ruinous to your clients. Knowing where activity comes from could point to someone with an opposing attorney's office.

  • by puddle62,

    puddle62 Mar 16, 2012 5:11 AM in response to I've been hacked
    Level 1 (0 points)

    Apple obviously recognise they have a major issue and seem to be acting responsibly with their customers. By the thread of this discussion other accounts may have been compromised. It's about time they issued a statement to all account holders instructing them to change their passwords and lock their accounts until they do so. ... Come clean Apple on this issue or accept that market confidence will significantly reduce.

  • by LizNDale,

    LizNDale Mar 16, 2012 5:52 AM in response to puddle62
    Level 1 (0 points)

    Puddle,

    I couldn't disagree (respectfully!) more. If Apple were acting responsibly, they would allow us to choose an option whereby all downloads to unrecognized devices had to be authorized via email reply before download. In my opinion, changing passwords will have no impact on reducing this specific threat. Many people in this thread and others believe it is caused by a program that hacks into Apple's servers and retrieves passwords and other account info. Apple sent me an email advising of the download to an unrecognized device. They should not allow the download until I confirm it is a legit device. I would much rather deal with the bother of authorizing a device prior to download than the hassle I went through getting my money back. While they agreed very quickly to my request for a refund to my PayPal account, it took 10 days for the credit to get back to PayPal. That was 10 days I was out over $300. Unacceptable. And how many people never requested the refund? Or waited too long? This has been going on wayyyyyy too long. Apple is NOT behaving responsibly.

  • by Paula_R,

    Paula_R Mar 16, 2012 6:34 AM in response to stereocourier
    Level 1 (4 points)

    Published this week in a retail b-to-b blog:

    http://www.rsrresearch.com/2012/03/13/the-itunes-hack-attack-hiding-in-plain-sight/

    The number of views on this site is staggering.

  • by PatrickGSR94,

    PatrickGSR94 Mar 16, 2012 7:03 AM in response to I've been hacked
    Level 1 (2 points)

    Wow, my post with a link to a Facebook page for victims of iTunes account hacking has been removed. Great job Apple.

    /sarcasm

  • by akhwang7,

    akhwang7 Mar 16, 2012 7:39 AM in response to stereocourier
    Level 1 (0 points)

    My iTunes account was also hacked in November 2011, with someone making a series of purchases of Chinese games, each worth about $20. It went on until the funds ran out in my PayPal account that was linked to iTunes - to the tune of $600.

    PayPal restored the funds after about a week, but Apple did not respond at all to my request for inquiry. I am reluctantly still using App Store, but I no longer link any credit card or PayPal account to it.

    Apple should definitely look into the security issues within iTunes store.

  • by Gerald Stanley,

    Gerald Stanley Mar 16, 2012 8:44 AM in response to stereocourier
    Level 2 (195 points)

    There is an Apple Store in Towson, MD, 21286. I can't figure out why you would need to change the city, state, and zip if you were to hack someone's account; typically these items on the account need to match the billing address on the credit card used for purchases (not sure how that applies here).

    Has anyone been able to figure out what's happening? Obviously these hacks are related. What's the connection to Towson, MD? It's ironic that there is an Apple store there (with not the best reviews on Google).

    It would be helpful if we understood how this works so that Apple can close the gap or at least we could protect ourselves.

  • by neepy93,

    neepy93 Mar 17, 2012 8:33 PM in response to stereocourier
    Level 1 (0 points)

    This has happened to me, I have had £34.99 taken from my account by 宠物猎人 application I never downloaded! I thought something fishy was going on when last week Apple asked me to create a new password, but I never thought of this, I have just sent an email and am awaiting a reply. Does anyone know if Apple refund you?

  • by Senseijack,

    Senseijack Mar 17, 2012 9:34 PM in response to stereocourier
    Level 1 (0 points)

    We woke up this morning to find that my wife's account had been charged over $40.00 for in-app purchases for Kingdom Conquest. I logged into my own account and saw a message that it had been accessed by a device not previously associated with it. I immediately deleted my credit card info from iTunes, and I don't plan on ever re-entering it. In the future, if I need to buy anything from iTunes, I'll get a gift card or pre-paid Visa.

    Contacting Apple and getting help was a nightmare. Why don't they have a phone number for customers to report fraud? Your only choices are email or to try and make an appointment to chat. I called Apple's regular support line and insisted that they help me. One of their regular support reps contacted the iTunes support and dealt with them for me. Apple eventually agreed to refund the money within 4-5 days.

    Apple needs to improve security, and provide users with a phone number to report account fraud, especially since this appears to be a prevalent problem. Do a Google search for Kingdom Conquest fraud, in-App purchase fraud, or search these forums.

  • by diy_boy,

    diy_boy Mar 18, 2012 1:55 AM in response to Senseijack
    Level 1 (0 points)

    Dear senseijack,

    I do not even suggest using pre-paid iTunes gift cards, as my credit is all from pre-paid iTunes gift cards: bought $150, hacked and stolen almost $140.

     

    Itunes/apples did not even bother to contact me or call me, what the **** Apple......Class action pending.....  give me my money/credit back   APPPPPLLLEEE

  • by Chris CA,

    Chris CA Mar 18, 2012 8:22 AM in response to diy_boy
    Level 9 (79,692 points)
    iTunes

    "Itunes/apples did not even bother to contact me or call me, what the **** Apple......Class action pending.....  give me my money/credit back   APPPPPLLLEEE"

    Have you contacted or called them?

  • by Steven Bobbitt,

    Steven Bobbitt Mar 19, 2012 7:20 AM in response to stereocourier
    Level 1 (0 points)

    I was hacked this weekend too, though I'm not sure how that can happen as I'm the only one with the account, and all 5 of my computers are associated to the account - though 3 of them are in pieces in the basement - been with Apple for 16 years and a long-time iTunes user, so I've had every generation of MacBook and I never sell them - I wear them out and buy new.

    So it makes me believe these hacks are coming from the server side and not from the user's end, or via my password. If they had my password why would they stop at iTunes and not hit the Apple store and buy some goods? So I'm doubting they got my password.

    104.00 in apps were purchased all from the same manufacturer.

    口袋战争:魔界勇士HD中文版, 1150个钻石
    KONGZHONG CORPORATION

     

    was just used to make a purchase in 口袋战争:魔界勇士HD中文版 from the App Store on a computer or device that had not previously been associated with that Apple ID.

     

    When these hacks happened my laptop was off - the battery was dead and I was out of town. No one had access to my laptop or my house for that matter.

    Apple quickly refunded the 104.00 in a matter of 12 hours. It was a bit tricky finding out how to get a hold of them, as the normal channel in iTunes would open a web page to troubleshoot your iTunes problem and our questions. Anyways, buried in that page I found a way.

    Oh, interesting to note my account was suspended from this hacking, so Apple's security did pick up on the hacking.

     

    I don't know what I could do differently to prevent this from happening again, thus the reason I would like to know how this is being done in the first place. 

  • by akimbobyte,

    akimbobyte Mar 19, 2012 7:13 PM in response to stereocourier
    Level 1 (0 points)

    I've read a lot of the posts in this thread because I had a similar experience just a couple of days ago.  That's when I found out that iTunes is 100% web-based with NO PHONE NUMBER.  To talk to an actual human on the phone, I had to call Apple Care and log a call for iPad support which finally got me transferred to the people I needed to talk to about account security.  This was after playing email tag with some lady in Elbonia (or some such place) in a futile attempt to explain my situation. 

    Long story short:  Are the people at iTunes so swell headed that they don't think it's necessary to have a phone number to call for security issues when your account has been hacked?  Do they think they are that bulletproof?  Waiting a couple of days for an email reply when some jagoff is running around with your credit card information just doesn't cut it in this day and age.  I have an iPhone, iPod and an iPad and, if we are going to be forced to be tethered to iTunes, then iTunes needs to be more accessible when you have a problem.

  • by chrisfromarbuckle,

    chrisfromarbuckle Mar 19, 2012 10:06 PM in response to stereocourier
    Level 1 (0 points)

    I am just adding my story. Somehow our account was also hacked. We are very careful with our passwords and what we open. We have all Apple products so it's not a PC thing. We had a 40 dollar gift card and a game called Galaxy Empire billed to our account. It looks like Apple shut it down pretty quick, but I would sure like to know how they got into my account. Had to remove credit card, and now we are having to keep an eye on our bank account. And Apple should have a damn phone number for this, not just an email. We called the 800 number and finally got through.

  • by Shoe100,

    Shoe100 Mar 21, 2012 2:07 AM in response to I've been hacked
    Level 1 (0 points)

    My credit card was cancelled yesterday after they had proven unauthorized transactions originating from Apple, they have been owed, why isn't there a stink like Sony?
