I had my iTunes account hacked last night. I even received an iTunes email saying that someone was downloading apps to a new device. But that didn't stop them from giving away over $50 of my store credit. Glad I didn't put my CC in iTunes.
The thing that grinds my gears is this: You follow Apple's "advice" to report a problem with a purchase in iTunes, but hey, it does NOTHING! Then you try to get help with the express lane support or whatever, and it's "currently unavailable." So basically Apple is telling me I have no options, and a little fraud is a small price to pay for the pleasure of doing business with them?
How has this not reached the media yet? I've only been monitoring this forum and another since my account got hacked a few weeks back and it's obvious that the majority of what is going on is not caused by account/password phishing. I know in my situation that there is no way someone was guessing my password to get into my account. Someone had to hack Apple to get to see my credit card info. My password was 9 characters, random numbers/letters, upper and lower case and symbols and ONLY used on the Apple iTunes store.
So, does anyone know anyone in the press or popular websites that can force investigation here? Because I tell you what, something is going on, and it'll be a cold day in **** before Apple ever gets my credit card again.
Actually, it has been in the media. For more than a year. After my own account was hacked I wrote a piece in my own B-to-B retail blog "The iTunes Hack Attack: Hiding in Plain Site" and discovered it had already been reported in USA Today. A few days later, the NY Times wrote a piece on the subject, which I re-tweeted. Then I saw it in the UK Guardian. By my count there have been at least 6 articles on the subject. And hundreds of thousands have viewed here.
Apple has an amazingly teflon image. Nothing seems to touch it. The company has started doing some proactive things in response to the issue, but if Microsoft or Amazon had it this bad, the public outcry would be far larger.
After my post last night I just got this back from Apple. Basically they charged my card with a small amount to "verify that my account has sufficient credit, once my bank verified the card they applied a credit".
What they fail to understand is that credit card companies apply charges immediately but don't charge credits for a few days.
This then led me to believe, as I had not been informed by Apple they were to do this, that the charge was fraud, and cancelled all my cards.
Look at what happened to Sony after the PS3 security breach. Granted, it seems that the problem is not security on Apple's end, but there are probably failsafes they can put in place to make sure new devices and computers aren't downloading content.
After all, they make you jump through so many hoops to authorize computers and sync devices, etc. What's one more failsafe to make sure an account is secure? Is it so tough to send an email to the address on record and say, "Hey, do you want to allow this device to use your money?"
...and here is another account with fraudulent / identity theft activity.
Last evening my account was hit with three separate orders/transactions totaling approx. $115.00. These took place in a four minute period just before 7 PM. The first two purchases went through while payment for the third was declined. The iTunes store was paid for the first two fraudulent purchases and the third was declined, meaning not only did the iTunes store fraudulently debit my account but is now trying to hold me hostage for another $30.00 I did not authorize and do not owe.
Along the same lines as earlier reports, various data items were changed in my account information.
I have reported this incident to Apple and am now anxiously playing the waiting game. We'll see...
Happened to me last night (April 14, 2012). Some Texas Hold-Em game (with Korean fonts) was purchased and wiped me out of $75 with in-app poker chip purchases. Now I'm down to $0.24. I've read too many posts. Let's cut to the chase here.
To Apple: Stop denying this is a problem. There are too many posts of this situation and there's no way this is an isolated issue. I've NEVER dealt with a company who insults their own customers by denying something that you don't want to deal with and THEN blame THEM for a lack of security procedures on their part. As an IT manager for the last 20 years, I take it personally as an insult on my intelligence.
To Apple: You can not tell me you have no way of tracking who the apps are from. With Google, Facebook, and all the other services tracking EVERYTHING you type, everywhere you go, and your sleeping habits, I know you can back-track the IPs. Yes they can be spoofed, but perhaps you should call the FBI computer forensics department. I'll bet you they can have an answer for you in less than 5 minutes.
To Apple: THIS IS NOT A WEAK PASSWORD ISSUE. IT IS A BREACH IN YOUR SERVERS. Someone, quite possibly internally, has allowed access to the user database (which I have no doubt is encrypted). It seems only to affect people who have a "credit" with gift cards and only 2 people can have access to that information. Someone internally who has access to this information, and the people who produce the cards themselves and know the algorithm to produce the secret number.
To Everybody Affected: Changing your password is pointless until Apple can resolve the issue. It is obvious that the password is being bypassed. There is NO WAY that there can be this many hacked accounts using password phishing (My password is random letters & numbers and I promise no one can guess it). I would recommend keeping no balance and not associating any credit cards to your account and not purchasing any more games, music, or anything else until this is resolved. I notice Apple seems to take things a little more seriously when it comes to their revenue stream.
To Apple: Let's assume it's password guessing as your support people (google, not hard to find), are telling people. How about locking the accounts after 3 attempts like the banks do? Then on the Accounts page, don't list the entire email address so somebody can redirect the email and change the setting without sending a verification to the "on file" email account. How about a "high security" option that when selected, no apps can be downloaded or in game purchases without an email verification first? Even better a text message with a random 5 digit code (that's only valid for 5 minutes), that I would have to enter into the app before it would download?
To Apple: Ever thought of simply DELETING the programs from the apps list so they can't be downloaded in the first place? There only seem to be 5 or so apps causing most of the problems. Why continue to keep the apps up there causing more problems for more people? Remove them. There seems to be a common thread of a company called "KamaGames, LTD". What's the problem with investigating them?
This is not intended to insult anybody and is stating nothing but facts, but this is a serious issue that is affecting many people's lives, especially with bank accounts being affected. Think of people with debit cards tied to the checking account. No funds, and now getting NSF charges because of checks previously written and will now bounce because of this. "We're looking into it" is simply not good enough for those of us affected. We want results and I've given you several suggestions.
I was also hacked this weekend. Someone used my credit card details, but not my account itself to download/buy over $700.00 worth of Apple products! Seeing everyone else's posts only reconfirms my suspicions that it is indeed Apple that is the problem.
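The "high security" option suggested in the post above (a random 5-digit code valid for 5 minutes, combined with a lock after 3 wrong attempts), sketched as an added example that is not part of the original thread and not Apple's implementation. The class, method names and the account/device labels are hypothetical.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 5 * 60  # code is "only valid for 5 minutes"
MAX_ATTEMPTS = 3           # lock "after 3 attempts"


class PurchaseVerifier:
    """Hypothetical step-up check before a new device may spend account funds."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock   # injectable so expiry can be tested
        self._codes = {}      # (account, device) -> (code, expires_at)
        self._failures = {}   # account -> consecutive wrong codes

    def locked(self, account):
        return self._failures.get(account, 0) >= MAX_ATTEMPTS

    def issue(self, account, device):
        """Return a 5-digit code to send to the contact already on file."""
        if self.locked(account):
            return None  # re-issuing must not hand out three more guesses
        code = f"{secrets.randbelow(100_000):05d}"  # CSPRNG, keeps leading zeros
        self._codes[(account, device)] = (code, self._clock() + CODE_TTL_SECONDS)
        return code

    def verify(self, account, device, submitted):
        """Return 'ok', 'wrong', 'expired', 'locked' or 'no_code'."""
        if self.locked(account):
            return "locked"
        entry = self._codes.get((account, device))
        if entry is None:
            return "no_code"
        code, expires_at = entry
        if self._clock() >= expires_at:
            del self._codes[(account, device)]
            return "expired"
        if hmac.compare_digest(code.encode(), submitted.encode()):
            del self._codes[(account, device)]  # single use
            self._failures.pop(account, None)
            return "ok"
        self._failures[account] = self._failures.get(account, 0) + 1
        return "locked" if self.locked(account) else "wrong"
```

The failure counter is kept per account rather than per code, so requesting a fresh code does not reset it; unlocking would need a separate recovery step that this sketch does not model.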
Step up and admit that you've had a breach Apple because this is ridiculous.
My credit card company contacted me to report suspicious purchases and are handling it - but I doubt they'll receive any help from Apple with the matter.
Mine was just hacked last week. I got an email for an iTunes receipt of an $89 purchase. My account was disabled, my billing zip code was different, and my credit card number looked off. No charges were made to my bank account whatsoever from iTunes (had the bank double check). iTunes issued a refund on the mystery CC for $89. Told me no one could get my CC info, because only the last four digits are ever displayed. I only had $5 in store credit, the rest went to my "CC". Not sure if I'm in the clear though. I'm still worried that someone out there has my CC number and info, even though nothing was charged to my bank account. Anyone else have a similar situation?
Someone asked why this hasn't reached the media - it has. This has been going on since 2010 and there are several stories about it out there. Just google 'iTunes account hack' and scroll through the many links to this forum until you find them. They are a bit old at this point. When contacted by news media Apple's response seems to have been a form letter. From an article:
"Apple takes precautions to safeguard your personal information against loss, theft and misuse, as well as against unauthorised access, disclosure, alteration and destruction. Apple online services such as the Apple Online Store and iTunes Store use Secure Sockets Layer encryption on all web pages where personal information is collected."
Is that a flat-out denial? Technically, no. It's the same kind of answer my kid gives when I ask if she's done her homework. As for the answers they give to individuals I cannot say, though I have seen many people say their particular incident was approached as though they hand their password out on business cards. When I contacted customer service through chat here on the site they were friendly and helpful and everything was worked out to my satisfaction. The party at fault was not part of our discussion - just the crappy taste of the hacker who bought what are essentially Chinese Farmville tokens.
I think the points greghig made are valid if a bit angry. It's been a while now and no one has stepped up to address that there even IS a problem, that most of these incidents are linked, which is a kind of denial.
Again from an article:
"Apple Insider speculates that the iTunes gift card algorithm may have been compromised and compares this problem to an earlier attack on iTunes. 'In 2009, iTunes gift vouchers surfaced on Chinese websites for pennies on the dollar after hackers allegedly discovered a way to generate codes,' writes Apple Insider."
My issue is just with the fact it seems like the only way someone could have gotten my credit card information would have been through my iTunes account. How is it that someone can use a card that is linked to my account to purchase items at the iTunes store with what I assume is another account (as the purchases were iTunes purchases and do not appear on my account, nor did I receive confirmation emails for them)?
Should there not be a fail safe that does not allow several accounts to have the same credit card information attached to them in case someone illegally acquires your information?
I'm not even concerned about talking to someone from Apple to try to fix the problem as I trust that my credit card company will handle the issue for me. Reading through some of the responses above definitely makes me not want to contact Apple about this type of issue anyways.
I concur, NakitaB. My credit card was used for unauthorized purchases for which I've received no emailed receipts and that do not show up on my account. I think someone gained access to my credit card data and created another account. I've basically stopped using the card over the last year, except for iTunes. It's not stored on other accounts. This all sounds like a security breach at Apple, and the Citi rep all but told me that was rampant right now with Apple. My iTunes/AppleID password was sufficiently complex, IMHO--I don't think it was guessed.
It aggravates me most that I had to seriously hunt to find a web page to attempt to contact Apple about this. I also discovered 866-712-7753 on the support web site, which has only a message that directs one back to the web site. That's NOT VERY GOOD CUSTOMER SERVICE. If Apple has so much in reserve cash, perhaps it's time to invest in better security and more customer support.