Q: iTunes store account hacked

Following up, iTunes is taking care of my problem now (I emailed them yesturday)
All though it is a one time exception, I got my money back and am in the process of having my account reenabled.

I got hit yesterday with the Kingdom Quest hack. I never downloaded the game and got hit for $90 for in-app charges. I have seen new post going back to June 2011 for this issue. Can some please fix this problem. 

keith37129 wrote:

 

I got hit yesterday with the Kingdom Quest hack. I never downloaded the game and got hit for $90 for in-app charges. I have seen new post going back to June 2011 for this issue. Can some please fix this problem.

Nobody that posts here, we're all users like you. Call Apple iTunes store.

A very similar thing happen to me on Saturday March 24 2012

1.  The first thing that happen on Saturday 24 is that I could not log into my iCloud Account.  I tried loging in using my iPad, iPhone, and Mac and they all failed.  Mail, iMessage, iCloud completely out.  The problem was that my password was incorrect but I was using the right password?

2.  After several minutes of frustration I decided to reseat my password.  After doing this everything started working OK.

3.  Three days later I get another error message asking that I update my credit card information in iTunes.

4.  When I when to iTunes I noticed that some of the info like my name and street adress were right, BUT my zip and state were wrong and the last four digits of my credit card did not match what was on iTunes.

5.  I decided to check my purchases and found two purchases on the 24th for two $20 gift cards that I had not authorized.

6. I called my credit card company but we did not find the $40 charges so I am guessing that the gifts cards were not charge to my account.

7.  I sent an email to Apple and they removed the credit card information and asked me to reset my password.

8.  After reading this forum I plan to reset the secret question as well.

9.  What is different about my case is that the unauthorized purchases were not charged to my credit card.

I just got hacked this morning. Apple was really good about giving me my credit back but I'm really concerned about the lack of information about this hack. Like many of the people here I'm more security conscious than average (firewalls, antivirus, scan my home comp and laptop weekly, never open attachments from people I don't know, have very secure passwords) yet was somehow hacked anyway. I've had my iTunes account for 10 years and have NEVER been hacked till now. Now I'm very wary about linking any kind of financial account to iTunes be it credit cards or paypal but I need to do that in order to make any kind of purchase. Not really sure what to do now. I've read on CNN that this has been going on for more than 6 months - is Apple taking any kind of action?

@napuli

That's almost verbatim what happened to my account a couple of weeks ago.  What I *think* might be happening is that someone has hacked into iTunes and stolen a lot of account passwords and credit card information.  They are then hijacking the accounts and changing your contact information so you won't be notified of any purchases by iTunes.  They then try the credit card information on file with the password from your iTunes account.  If they match, their work is done and they can charge stuff to your account.  If, however, the credit card on file doesn't use the same password as iTunes, they change the credit card information to another (stolen?) credit card and change your city and state to match that credit card's billing information.  At that point, whether they succeed or fail, they are guaranteed that the account owner and the credit card owner will never see an email from iTunes since that email address has been altered.  Basically, they are using one person as a "mark" and the other person as the "fall guy".

In my case, they renamed my email account then tried to use my credit card so I would never receive an email about it since it was changed to an email address that doesn't exist. 

When they couldn't use my credit card (possibly because my credit card password is different than my iTunes password), I got notification from the credit card company (not from iTunes) that my billing agreement with iTunes had been terminated.  That was the tip off to me that something was wrong. 

After going around with Apple and iTunes for hours, I was finally able to get in and view my account information.  That's when I found out that they renamed my email account and then linked my account to someone else's credit card and changed my street and state address (maybe to match the stolen credit card's billing address).  In this case, I was the "fall guy" and whoever's credit card they used was the "mark".

This is a huge problem and I hope you all get your issues resolved. I also hope they track this problem down and kill it at the root because this is getting beyond silly.

Having contacted billing services via chat my issues have been resolved quickly and agreeably. Even had a bit of fun mocking the hacker's taste in crappy games with the representative who helped me. XD

Good luck to you all!

@akimbobyte

Can you please explain what you mean by credit card password?  In iTunes you only need 1 password to get access to credit card info.

What is clear is that someone got in, plug a new credit card in my account, and purchased two $20 gift cards.  My guess is that they copy the codes to make store purchases.

My fear is that my credit card info got plug into another account just like someone else's card got plug into my account

Maybe the thing to do is to call whatever wrong credit card company and number show up in your account and let them know what happen.

I will not be able to do this now because Apple deleted the wrong credit card info

@napuli

I may be wrong about that - but, for a lot of purchases, I use PayPal to check out.  To finish the check out, you have to log into PayPal to okay the purchase before the transaction completes.  I'm thinking now that doesn't happen when you buy from iTunes since they have (had) my credit card information online.

In any event, I'm assuming they tried to use my credit card and were unsuccessful since my billing agreement with iTunes got canceled by PayPal.  OR, maybe the agreement was canceled because whoever hacked my account changed the credit card information to someone else's card.  Because, when I was finally able to look at my iTunes account information online, it showed the last 4 digits of a credit card that I don't own.  Again, I'm assuming that's why they changed the street and state address - possibly to match the information that went with that credit card.

Long story short:  There's something going on and iTunes appears to be trying to cover it up.  There are too many similar posts on here for them to not be aware of it - even though they continue to tell users that the fault lies with them.  Perhaps a few Tweets to CNN or the New York Times might get some attention.

My apple account was unsecured as well. someone made an itunes purchase for $23 to KindomConquest by sega.

I would suggest you go to the horse directly and submit a request asking them to open the topic for discussion, and investigate this matter otherwise, utimately Sega will be reported to the Japanese Authorities.

https://segaofamerica.zendesk.com/entries/20589273-unauthorized-charges-to-an-it unes-account

thanks for the link. that's just what I was looking for. I only lost $23. But it's looks like so many other people have as well. you'd think apple would want retribution as well.

To report crimes to the Japanese National Police the link is this:

http://translate.google.com/translate?hl=en&sl=auto&tl=en&u=http%3A%2F%2Fwww.npa .go.jp%2F

This might be of more usefull for everyone since there is an email on this site: http://www.first.org/members/teams/cfc

Message was edited by: Carlo TD

Sega's Response

Hi,

This is a result of your iTunes account being hacked and the hacker using it to make unauthorized purchases. It has nothing to do with our game other than being what the hacker chose to spend your money on. You will have to contact Apple Support to get this resolved as we have no access to iTunes billing.

Best Regards,
SEGA Customer Support