Q: iTunes store account hacked

I got hacked this morning. A small charge, but I caught it & called my cc company, then changed my passwords. If enough people are calling their cc providers to complain, maybe Apple will deal with the problem. As soon as I get home from work I'm deleting every free app I've downloaded from the app store onto my iPad2. Anything else I should do?

interesting article... watch the first two videos.  http://rockcenter.msnbc.msn.com/_news/2012/03/21/10792287-university-professor-h elps-fbi-crack-70-million-cybercrime-ring

Thanks for the post! This reminds me that there is all sorts of malware out there. It's something everyone should be aware of. I installed ClamXav years ago and keep it updated. I scan my computer regularily. Recently I have started seeing some quarantines, not from places I've gone, but from spam mail in spam email folders, I haven't cleaned out. It's a good idea to practice prevention, when it comes to computer security.

Thanks for the helpful post!

@MaxPotter

> If enough people are calling their cc providers to complain, maybe Apple will deal with the problem.

What would you have Apple do? Every loss of an Apple ID on a Mac can be traced back to a user who responded to a phishing attack and entering their information on a fake website; perhaps recently by installing a Trojan either by failing to keep their software up to date or blindly clicking "OK" without paying close enough attention to what they were approving; or using the same weak password on multiple sites. Apple tries to protect the user against himself, but sometimes that's just not enough.

As far as we know, there is no Zeus for Mac yet, but I suspect that day will come soon enough.

My credit card details weren't obtained by a result of phishing or entering my details on a fake site, it was apple.com US as I legitmately purchased a software product from the same site just prior to my credit details being used elsewhere. My PC is also clean. To my mind Apple are the reason my credit card information was used by a third party and my bank shares this view.

The article's focus is on the increasing use of malware in this case it was te Zeus malware or trojan not to mention the increase of cyber crime.

@transmogrification is correct,

"there is all sorts of malware out there. It's something everyone should be aware of. ... It's a good idea to practice prevention, when it comes to computer security."

I disagree.  I do computer tech support for a living and I'm well acquainted with scams, phishing, etc. and I never click links inside emails or give out personal information - and I still got hacked last week.

Has anyone considered the fact that the iTune site itself may have gotten hacked and THAT'S how they got our information?  I think it's time Apple quit acting like they are bulletproof and quit thinking "it can't happen here".

I agee with akimbobyte, I'm very careful about those things, if they somehow hacked my computer they would have gotten alot more than just itune apps.

Seems like a lot of these hacks happen with giftcards, I wonder if there is a relationship with these on whats happening.

I am totally with you on this. The fault lies with Apple itself. Whilst like yourself I am very conscious of opening spurious links and have invested a lot of money in security sytems this site was able to hack into my account which I had entrusted to Apple. They have a duty of care to protect this information and money that I have entrusted to them. I accept that hackers may well have managed to hack there servers (heck the hacked the Pentagon), Apple still seem to be blaming their customers for being lax with passwords. Get a grip Apple and get off the shelf.

There are certainly things apple can enforce to protect users. Can bind our mac address to the store so only the devices we own can make the purchase - a new device would take a few steps of security to add. Facebook has a neat option if you connect your mobile device to your account.  Try loggin in a different computer you get rejected, but recieve a text on your phone with a code you can use to login - and if it wasn't you, you know instantly someone is trying to get into your account.

There is no question in my mind that Apple's servers have been / are under attack and their encryption algorithms have been partially cracked (which is why the company is now requiring far stronger passwords than it did just a month ago).

To suggest otherwise is incredibly naive.  I mean, as of this writing 210,000 people have viewed just this one forum.

The right thing to have done was to simply have all users change their passwords.  The company didn't need to even mention why.  But now there have been articles in the tech press and the NY Times...and it's not over yet.

Imagine the outcry if Microsoft had this same problem.  The media and tech press would be all over it.  Apple won't maintain this kind of insulated status for long if it doesn't fess up, fix the $##$$ problem and move on.

@MadMacs0

You're absolutely right. I'm really embarrassed. I publicly trashed Apple, so I feel it's only right that I publicly confess that I was completely in the wrong! I thought I had been hacked, but I had NOT. I made a mistake, jumped to the wrong conclusion and blamed Apple.

For whatever reason, it took a long time for something I had downloaded off of iTunes to get invoiced to me (via PayPal...which didn't have the product description, only the dollar amount). It's not the first time, but I had forgotten. I called the cc company to see exactly when the charge had been made...maybe I could recall if I knew what the item was and the date...but nobody could tell me the exact date of the charge. Just the posting date. Which was yesterday.

So, after all of this kerfuffle, lo and behold, last night I got the receipt from iTunes...with the dollar amount AND the description.

Oh.

Oops.

So now I feel like a complete idiot. Unfortunately, I do a lot of stupid things. Sorry Apple.

@Carlo TD - You're in the wrong thread.  This has nothing to do with malware.

MaxPotter wrote:

 

So now I feel like a complete idiot. Unfortunately, I do a lot of stupid things. Sorry Apple.

@Apple - When people make a mistake, they apologise.  You should take note of this.

@Carlo TD always wanting to blame malware/viruses/phishing.  I was hacked in December of 2010.  I have still  not found any viruses or malware on any of my computers.  They are the same computers that I was using then and still using now.  I have not been hacked on any accounts other than that one time in December when they stole my iTunes store credit.  The only thing that I have done differently up to this point, is not added another gift card.  If I was a victim of those things, don't you think that I would have been hacked again by now?  I still have gift cards that I purchased in Dec 2010 and have yet to use, but I think it will be interesting to see how long they last in my account after I finally do put them in.

Well, I can't speak for anyone else, but it is most certainly not malware in my case. How can I be so sure? Well, not only am I not dumb enough to visit bogus sites and click on links within e-mails - even seemingly legit e-mails - but if it were a keylogger it would have had to log my keys five months ago; that was the last time I made an actual purchase from iTunes. How do I know it didn't do that? I think it's pretty far-fetched to think that anyone would hesitate even thirty minutes after achieving a successful hack to use the info, much less five months, yes? You find it hard to believe that I haven't purchased anything from iTunes for five months? Well, I'm not addicted to downloading useless games (like the ones purchased using my account today) and I live on a reasonable budget. Oh, also I have a CD collection (you remember those circular things that used to play music?) that requires an entirely separate trip when I move so that I can get them all in my car, so many of my music needs are already uploaded and taken care of.

Back to the keylogging - I actually have logged into far more enticing accounts more recently: bank account, amazon account, and about fifteen other merchant accounts over the months. So if they've been watching for five months (assuming my antivirus and antimalware have completely overlooked them) why would they go for $20 worth of games when they could clean me out and order entire game systems? Nope. Sorry. The hack is coming from inside the building.