stereocourier

Q: iTunes store account hacked

I'm posting this just to share my story and get reactions. It's a little detailed but I thought worth sharing.

On November 23, 2010 I purchased a single song from the iTunes store for .99. I used store credit that I had from a gift card I received last year. It was the first purchase I had made since July 2010.

On November 25, 2010 I received a receipt for 2 more separate orders to my account. These were for over $50 in iPhone apps. Here's a sampling of some of the purchases:

1 eREAD isoshu, v1.5, Seller: ChengDu YueTong Internet Information Co. Ltd (17+)
2 Plants vs. Zombies, v1.3, Seller: PopCap Games, Inc. (iDP)
3 Monkey Island 2 Special Edition: LeChuck's Revenge, v1.1, Seller: Lucasfilm International Services Inc.
4 Asphalt 5, v1.2.6, Seller: Gameloft (9+)
5 Let's Golf!® 2, v1.0.1, Seller: Gameloft (4+)
6 Frames & FX for Photos, v2.5.1, Seller: Imikimi, LLC (12+)
7 Stenches: A Zombie Tale of Trenches, v1.0.1, Seller: Thunder Game Works (9+)

I do not have a credit card linked to my account, so these were made using my store credit.

I have only 1 computer authorized for my account (my personal home computer). I live alone and no one else touches my Powerbook but me. I also DO NOT own an iPhone, so I would have no interest in apps.

After I saw these bizarre purchases, I checked my account. I noticed 2 strange things: My account information had changed: My street address was correct, but city, state and zip had changed to: Towson, MD 21286-7840. I have never lived in Maryland. Also, I noticed that my password recovery answer had changed to "Murray" in response to a question about my mother's maiden name. That's decidedly NOT my mother's maiden name. Also, my birthdate had changed to an incorrect month and day.

I immediately changed my password and my recovery question/answer challenge.

I reported problems on all of these purchases and also contacted iTunes Account Support by e-mail.

Within 24 hours I received an e-mail from "Vicki" at iTunes Customer Support. She wrote:

"When reviewing over your account "name@domain.net" and the two reported orders, it shows that the content purchased within them was acquired from the computer that is currently authorized for your iTunes account. So I strongly advise that you do consult with those in your household regarding the purchases made, and the charges that resulted from those purchases."

Further:

"I have gone and reversed the charges for the two orders....You will see a store credit in three to five business days....Please note that this is a one-time exception, as the iTunes Store Terms and Conditions state that all sales are final."

I am pleased that Apple is refunding my store credit and replied so quickly.

However, it is simply impossible that these purchases were made from my computer. Again, my Powerbook is the only computer I have ever authorized to access my account, and I am the only person with access to it.

I am not sure how this happened. Any thoughts or similar experiences?

Powerbook G4, Mac OS X (10.5.8)

Posted on Nov 28, 2010 3:45 PM

  • by navwizard, Mar 22, 2012 10:31 PM in response to stereocourier
    Level 1 (0 points)

    I'm pretty sure it's not phishing either. If it is, they are pretty stupid to go after $20 of an iTunes gift card instead of my bank account.

    And speaking of phishing, it generally relies on tricking the user into entering their username/password. I regularly scan my computer. I've only ever typed gift cards into iTunes (of course), and the only time I've typed my password in (which is unique to iTunes) is on iTunes, and on my iPad. If they've hacked either of those, well........

    It's curious they "seem" to be attacking accounts with gift credit on them. That's got to be a hint.

    The most frustrating thing is this seems like such an incredibly easy problem for Apple to solve: don't allow purchases from unauthorized devices!

    I have a lot of Apple products, but it's not like I buy one every day. It would be no big deal at all when purchasing a new Apple device to go through a process to ensure it's the genuine article. Simple, no?

    Cheers!

    Dan

  • by MattyMRM, Mar 24, 2012 2:32 AM in response to stereocourier
    Level 1 (4 points)

    Hi,

    Thought I would post. I have had my iTunes account for many years, usually use my debit card for purchases. There was a promotion with my local petrol station and I claimed for £60 of iTunes gift card vouchers. 2 days ago I entered the codes from the back of the cards. Yesterday my account was compromised and all of the £60 was cleaned out apart from around 35p.

    I called Apple in the US who refunded the amount apart from 69p which was an in-app purchase. I guess I've lost that 69p, which isn't a huge amount, but it's not the point.

    Whoever compromised my account tried to change my Apple ID and they have removed my debit card from the account too.

    It just all seems a bit suspect to me that the only time I enter codes from pre-paid vouchers my account gets compromised!

    Thanks

    Matt

  • by UndeadLemons, Mar 24, 2012 7:30 PM in response to stereocourier
    Level 1 (0 points)

    Guess it's time for me to jump on the wagon.
    I also had gift cards from family members from Christmas. I go on today, and this is what showed up:

    -KingdomConquest-, KC 660CP SEGA CORPORATION In-App purchases for
    4.99
    4.99
    25.99
    0.99
    47.07

    .... Seriously wanting my money back.

  • by KingHanco, Mar 25, 2012 3:16 AM in response to UndeadLemons
    Level 1 (0 points)

    OK, I'm thinking if the gift cards are the issue then it could be possible that the gift cards might be from China as counterfeit gift cards. Somehow they got shipped overseas. I haven't been robbed yet on iTunes. But I did install Kingdom Conquest a while back. But I never did play it or run it.

  • by MattyMRM, Mar 25, 2012 5:54 AM in response to KingHanco
    Level 1 (4 points)

    Either that or they already have a huge list of usernames and passwords and constantly scan them for credit maybe.

    Perhaps someone or something is intercepting the process where you add the gift card vouchers?

    Can't really tell, would be nice for something in iTunes where you can see the last 10 logins or something with IP addresses.

    Credit cards are no use unless they have the 3 digit CVV number from the back.

    Also this whole iCloud is now worrying, they can effectively also locate your devices, even remote wipe them. With iMessage they could also receive a duplicate of your messages and you would be none the wiser. Read your personal documents, see your personal photos.

    I don't get why Apple allow the transaction though, they send you an email saying an unauthorised device has made a transaction but allow it anyway, what's the point in having authorised devices in the first place if this is allowed? Surely it should deny it and shut the account down then alert the account holder?

    The ability to change someone's AppleID login isn't good either, that should be locked and perhaps only changed with a call to Apple to verify details.

    It's not like Apple are short of cash to solve these issues.

  • by LizNDale, Mar 25, 2012 7:39 AM in response to KingHanco
    Level 1 (0 points)

    This forum lists dozens of people who, like me, had PayPal, not gift cards. It appears the fraud goes after Gift Cards if they exist, and then PayPal accounts. I have seen only a couple where people said it was their credit card.

    Apple will refund your money; send an email to itunesstoresupport@apple.com

    What infuriates me with Apple is:

    1) This whole sorry mess can be avoided by requiring authorization before allowing downloads, free or not, to unrecognised devices.

    2) Their responses to the refund requests imply user error or stupidity - and by now they simply have to know the problem is on their end.

  • by MattyMRM, Mar 26, 2012 6:23 AM in response to LizNDale
    Level 1 (4 points)

    I've never linked a PayPal account to my AppleID, it just all seems so targeted like they know everything about people's accounts, what's in them and how they are funded.

    When I spoke to Apple support they basically told me I was unlucky to get targeted two days after adding iTunes gift cards to my account, now to me that's a little suspicious, my account is years old, has the same password since I created the account (yes not good me being lazy), so at any point over say the last 5 years they could have logged in and downloaded free apps, hijacked my account, downloaded my previous music purchases etc, so why two days after credit being added?

    The CVV check I believe only came into force in the last year or so, if a credit card was linked to the account like it has been for years also, they could have syphoned apps and other things using my debit card years ago.

    The whole security questions to reset your password thing is a farce these days too with so much information about people being publicly available on Facebook etc.

    Something just doesn't stack up or maybe I really just am unlucky.

  • by Marwen, Mar 26, 2012 7:37 AM in response to stereocourier
    Level 1 (0 points)

    Happened to me over the weekend, I changed my password immediately and contacted Apple. They contacted me overnight to say they'll refund and have deactivated my account.

    Worrying thing is I was left with only 0.18 credit but since I changed my password another purchase has been made overnight for 1.98 which has gone through. Worrying because I changed my password yesterday and even more so that a purchase has been allowed without funds available.

    Time to trend this on Twitter methinks and see where it goes.

  • by MattyMRM, Mar 26, 2012 7:56 AM in response to Marwen
    Level 1 (4 points)

    Marwen, sorry to hear about your account being syphoned too!

    Although you changed your password did you also change your security question? From other posts I read on here sometimes they enter their own security question once in so they can get back into your account via that method.

  • by Marwen, Mar 26, 2012 8:06 AM in response to stereocourier
    Level 1 (0 points)

    Many thanks, I've now changed the password again and updated all the security details.

    Hoping that's the end of it.

    Cheers

  • by Newfmp3, Mar 26, 2012 10:53 AM in response to Marwen
    Level 1 (0 points)

    I'm a Sys Admin. I do pick difficult passwords, and unique ones for any sites.

    My Visa was compromised Sunday morning. First time in my life. Near $1000.00 in charges in a few hours. Bank called me about it, I canceled the card, immediately logged into my iTunes account (even using a different PC than usual), changed everything and did all the usual safety precautions.

    What I don't get is that they used a different account. Not mine. I never saw any emails saying purchases were made because they made another account and used my Visa info somehow. Yet, Apple seems fixated on that my account was hacked into.

    My Visa card itself never leaves the house. It's actually quite new. Hardly used anywhere really. Now I'm looking at getting some Equifax protection or something because I have no idea exactly what information was stolen. I'm not sure if I can blame Apple or myself or another site or..... no idea. But I was not impressed that the email from Apple implied it was all my fault, that they made an "exception" this time in refunding it and so on. Not that I don't appreciate it, I just feel that there is a lack of information being passed onto me here on exactly what happened and as a result, I'm just paranoid now.

    I can tell you this, there will be no more VISA going onto my iTunes account anymore.

  • by Marwen, Mar 26, 2012 11:06 AM in response to stereocourier
    Level 1 (0 points)

    OK I have received my refunds which is good but obviously I remain concerned about the way it was done.

    I have asked Apple to provide me with every piece of data they hold about me, as is my right under the Data Protection Act, and details of all my transactions and history.

    I've also asked for details of the device used to purchase; as allegedly it used my ID, I am then entitled to the information.

    Let's see where we get, not far I'm guessing.

  • by MattyMRM, Mar 26, 2012 11:12 AM in response to Newfmp3
    Level 1 (4 points)

    My Apple ID was changed to a different email address then they made the required purchases and switched it back to my Apple ID.

    I'm guessing that's done so you (the legit owner) don't get the email invoice.

    Only way I found this out was an email from Apple telling me my contact details had changed to a different email address.

    I logged into my account after it was locked out for 'security' reasons then I could see under account history what was purchased.

    Still concerned my debit card got removed.

    How did they manage to use yours without the CVV number? That's quite worrying. :/

  • by Newfmp3, Mar 26, 2012 11:19 AM in response to MattyMRM
    Level 1 (0 points)

    Well I can log into my account, and I can NOT see the purchases that they made on the weekend. I can only see the last things I actually did get, which were FREE apps, stuff for a game called Skyrim.

    As for the CVV number, no idea. Besides the initial time I added the card to iTunes, I have NEVER been asked for it again. Now if they took my Visa from somewhere else and just happened to buy some iTunes stuff with it....again, how are they getting the CVV?

    There's just too many scenarios and with no details as to what really happened, I can speculate all I want, I'll never know.

    The idea of changing my Apple ID back to mine when they were done would make the most sense, BUT why don't I see the purchases in my history when I log on?

  • by MattyMRM, Mar 26, 2012 11:26 AM in response to Newfmp3
    Level 1 (4 points)

    If you first use your card to buy something on your Mac or iPhone etc it requests the CVV number from the back of the card. Once your device is classed as authorised it won't ask for the CVV number again with future purchases.

    If it's a device you haven't used before logged in with your Apple ID and it's unauthorised it will prompt you for the CVV number before it will make the transaction.

    It sounds more like someone has swiped your card details and not used your Apple ID at all.