Q: iTunes store account hacked

Did they hack my account, make the purchases using a (stolen) credit card, then delete the details?

that's what it looks like to me. it's been approximately 10 hours since my incident and my available balance hasn't reflected those fraudulent charges. very strange. maybe these people in china think that using our accounts to make the purchases will make us look like the bad guy?

the details from the stolen card were still on my account but i've already removed that stuff because it's none of my business to have it. i'm not even sure if removing my credit card details from my account would prevent me from being a victim in the future... they could hack anyone and just add the stolen card details to your account.

transmogrification wrote:

 

"Fundimental". Thanks for the catch.

To be correct, it is "fundamental"

(though I don't believe that the spelling is what Carlo TD was pointing out).

I was 'hacked' back in December, so I've been watching this forum carefully since then.  I'm wondering if it's multiple hackers using the same hack. Sometimes a victim states his cc was used, others say the charge was placed on an unknown card. Some state it was taken from a gift card and a few have stated they hit their paypal account. My charges were against an unknown cc.  Hmmm... Makes me think that maybe some are using the cc number from one hacked iTunes account, but charging it against another iTunes account. Perhaps as a diversion.  The differing amounts really makes me lean toward multiple, unrelated hackers. One might be timid about the theft, so they only charge $.99, while another drains a customer's credit account. One thing I think I see which might be common amongst the victims... It only seems to occur when you use your iTunes account.  The activity may trigger a bit of spyware somewhere (certainly not on an iTunes server!) and then they get hit. One sure thing... If you want to be free from this threat, just sell all your apple equipment and buy Android or whatever. But then again, once an iTunes customer, maybe they can hit your old iTunes account after you've moved on to another product. Ya never know.

Right... food for thought

Chinese handset maker ZTE has confirmed a vulnerability on one of its Android-based smartphones it sells in the United State that can be exploited to completely take over the device, Reuters reported Friday. 

The vulnerability exists on the ZTE Score M, a barebones, inexpensive Android 2.3.4 (Gingerbread) smartphone available for $99 in the U.S. through MetroPCS. Basically, a backdoor hole apparently built into the phone by ZTE allows anyone with the hard-coded password used to access it can take over Score M model phones—and worse, that password was published online by the anonymous pastebin poster who first identified the backdoor hole last week.

The anonymous tipster described the vulnerability as "a setuid-root application at /system/bin/sync_agent that serves no function besides providing a root shell backdoor on the device. Just give the magic, hard-coded password to get a root shell."

ZTE told Reuters that it is working on a fix.

"ZTE is actively working on a security patch and expects to send the update over-the-air to affected users in the very near future," the company told the news agency. "We strongly urge affected users to download and install the patch as soon as it is rolled out to their devices."

Dmitri Alperovitch, co-founder and chief technology officer of security firm CrowdStrike, described the existence of the backdoor as "highly unusual" in an interview with Reuters. Alperovitch, who also spoke with PCMag on Friday, questioned why such a vulnerability would exist in the first place.

He said CrowdStrike researchers had determined that ZTE is pushing software updates through the backdoor but noted that this was a highly unorthodox method for doing so.

"The backdoor on the phone is used by ZTE to install/uninstall various apps on the phone, but that is a perverted way to accomplish this task. There are legitimate and Google-supported APIs for doing the same thing that don't introduce any security risk to the phone," Alperovitch told PCMag. "So it is unclear whether this was introduced due to sheer incompetence on the part of ZTE developers or has a second more malicious purpose."

Indeed, Reuters drew attention to security concerns U.S. authorities have expressed about China-based computer manufacturers in recent months, though those concerns have generally had more to do with back-end equipment security than with consumer devices like the ZTE Score M.

Alperovitch told the news agency that whatever's going on with the backdoor on the Score M, it's not something he or his team have ever come across on a smartphone or handset.

"I have never seen this before. There are rumors about backdoors in Chinese equipment floating around," he said. "That's why it's so shocking to see it blatantly on a device."

well i see im not the only one, how ever it was after purchasing an ap, that someone in guan africa withdrew money from my bank account one was for a phone company and other small withdrawls then hit big trying to withdraw 4000$ from my account, thanksfuly my bank stopped it and rang me yesterday, now I have no money due to the pilfered small amounts several of them,, bank closed my account and im in limbo with an account until they send me new details.

what number did you use to get in touch with apple about these fraudulent charges? I have been trying for a while now and the only thing i got was a place to send them an email, which i highly doubt would do much good and take about a year to get solved.

At the bottom right of practically every page on Apple's site is a link "Contact Us".

http://www.apple.com/contact/

This linked page includes phone contact support as well as email for your convenience. I hope this helps you.

Yes it is. Thank you, much.

Yeah I tried all of those numbers already and get no where, they all say that the itunes part that does the billing aspect does not have a phone number to reach them at to discuss fradulent charges. It kind of hard to believe with a company this size they cant afford to pay someone to answer a phone and be able to drop the charge of my account over the phone instead of playing email tag forever.

I really find that hard to believe. I have contacted Apple before concerning my account, they were very helpful getting my issues straightened out. They even guided me through logging in to it. Maybe try calling during business hours on the West Coast.

And try the "Express Lane" support. Many people in this thread have reported success and satisfaction resolving their issues using the Express Lane service. I hope this helps.

well I live in Australia, got through to apple in Australia who transfered me to fella in usa, who after 10 minutes of telling me its hard to beleive directed me to email them through their on line message center, which resulted in someone called Matthew emailing me from itunes support informing me  they had my case in front of them and further proceded to tell me it couldnt be possible, but prepared to look at my case and help me... I returned email to him insisting yes it was through itunes i got done... no email in return from matthew.. most unsacifactory, anyways my bank covering the small amount, im one of the lucky ones, others have lost absolutely thousands. I will never use my debit visa card on itunes ever again, never ever had issue with shopping on line in 12 years til now, fraud agency is looking into the supposed guam culprit who my bank has informed me.. many of their clients using itunes are mainly targeted stream of recent, I was one of hundreds on her book for the day to call.

I believe my account was hacked. I got an email saying my billing info had been changed. I wrote it off as a phishing scam. Today I tried to update an app and got a message that my account was locked do to a security issue. Has anyone else had this happen?

At the bottom right of this page is a link "Contact Us".

http://www.apple.com/contact/

This linked page includes phone contact support as well as email for your convenience, as well as information about "Fast Lane" customer support. Many people here have reported success and resolution for issues with their accounts.  here  I hope this helps you.

I am afraid that thecsame issue happened to me today! My account has been hacked and my whole voucher money has gone! Does apple have a security issue? How could the hack into my account? How do I protect my account. Hopefully apple will give me ghe money back! this is very scary and annoying!!!