Q: iTunes store account hacked

This is a huge thread but my experience was fine:-

1.  Got two transactions on my bank account for iTunes (when in credit).

2.  Contacted both Apple and the Bank who checked and reimbursed the small sums.

3.  Removed my bank details from the iTunes account.

4.  Solved with a work around

So, my work around is as follows:-

1.  You only need the bank account details when initially setting up the iTunes account.

2.  Once set up, remove card details and use the redemption vouchers (that way you handle up to the maximum you add to the account by redeeming the vouchers).

3.  Always keep small amounts of credit on your iTunes account (for me it is up to £30 at a time).

It is awkward but when supermarkets/etc have iTunes vouchers on offer (UK £25 for £20 cash, etc) then stock up on them.  That way any fraudulent activity in the future only hits you for a small amount.

Treat your iTunes account like you would your bank account and check purchases every month.

I made some purchases on my phone a few days earlier so I had to put in my bank account and security numbers for the first time. It went well until today I got a notification saying I made a purchase while I didn't?! The problem is when I check my account on the apple website, the bank information is blank, but I'm worried that since I made some purchases before, the bank account is saved somewhere else and somehow it got leaked... Can you show me how you can completely remove ALL bank info on the phone and on the web? This is totally freaakiiingggg

PeNoXinh

Step 1and 2 above to start with, get them to deal with a fraudulent transaction.

I would also request a replacement card from your bank (the 16 digit number and code on rear will be different).  This will effectively render the current card blocked and unable to be used.

Use this link for iTunes:-

http://www.apple.com/emea/support/itunes/contact.html

I had two unauthorized withdrawals from iTunes each in the amount of 106.86 from my bank account on New Year's Eve. There were no purchases listed on my account as I have never bought iTunes.........I had the information stored for my iPad apps.  I deleted that information.  Trying to get a hold of someone from iTunes was impossible.  I canceled my credit card and have submitted a charge back form from my bank for the amount. With all my proof.  We will see what happens.  My question is cant itunes or the bank tell from where the iTunes were actually purchased from, as to who did this?  I think it may have been  DVD-USA.com who I tried purchasing a box set of DVD's as a Christmas present.  They listed my product as being delivered, but it wasn't, then they emailed me to let me know it was out of stock and I could buy something else.  But no way to do that....if I had wanted too.  The company was from china.    Nuff said.

Live and learn.  iTunes get your act together.

Onepissedblonde wrote:

 

My question is cant itunes or the bank tell from where the iTunes were actually purchased from, as to who did this?

I'm sure they can, but when I asked iTunes for details they told me I would need a court order for that and to send it to their litigation staff.

Please note, just because the name of the debit from bank account/credit card says iTunes then don't think Apple took the money.

It is the same for spoof phone numbers - display one thing (eg UK or USA) when it is something else (eg Planet Zog, etc).

The scammers rely on people not noticing or acting on the debits from their account(s).

Please help someone - I'm panicking! I received two emails from Apple iTunes early this morning saying I had made a purchase for a game which I hadn't: Castle Age HD, £31.99 and that I had also changed my credit card details which I had not. I saw them on waking and completely panicked having recently been the victim of fraudulent activity on my bank account (Wonga taking payments) and leapt out of bed and cancelled all of my cards.

I then tried to change my iTunes password as recommended via the "iforgot" link provided. I requested this twice and both times no email came through in order for me to click on the link and change my password. So I then had to use the alternative method of entering answers to security questions (which I couldn't even remember setting?). I typed these in but they didn't turn into asterisks as I typed in the answers and it seemed to allow me to go through and change my password which I did. I wondered if this was normal - my security question answers were on full view when I typed them in?

I then went back into my iTunes account with my new password - which worked - so I assume all was now in order and went to the account setting page to check on card details etc. I didn't immediately recognise the card number showing and at the same time realised you need that last three digit bit in order to make a purchase in any case (unless they somehow have my details from other purchases made on other sites?).

What I want to know is - is it possible to make a purchase from my iTunes account with someone elses credit card registered to a completely different address? My address is still showing as correct. Also, you have to enter my password everytime you want to make a purchase so how on earth did they get my password? Did they hack my iPhone or my iTunes on the laptop?

I have also tried to remove all payment details from the account as I am worried it is for a card I have not yet accounted for and I don't want this happening again or to have to deal with any fraudulent activity as I found the whole Wonga thing extremely stressful and it was a battle to get my money back :/

Very stressed and all advice welcome and appreciated - thank you.

These are the times when I HATE HATE HATE the internet! I spent a bl**dy fortune on Kaspersky to try and stop this sort of cr*p happening to me :/

Njb72

It is easy to add/change credit card details once in an account.  Let Apple know of the fraudulent activity as I identified above.

The other thing wrt security is different passwords for different things. why? Because if they have only one password to say iTunes then that is all they can access.

I would also use mothers maiden name as password/security whilst using something only you know and different for each use.

Omg same thing happened to me today as what happened to njb72:

my phone has been with me all weekend in my house, no one has been round etc. My phone started turning itself off saying it had no power when it was on 20 something %. then i got an email from apple to tell me i had updated my card details and made an in app purchase... i hadn't done either of these things (i hadn't even got the app 'global war' which in app purchases were made) and contacted apple immediatly. Sure enough, they confirmed an app had been downloaded with an i app purchase made of £69.99 (which they have agreed to refund). i am not sure how this happened, i have in app purchases disabled on my phone and my ipad. after i got off the chat to apple, the app appeared on my phone - so i deleted it immediatly.

how can my phone start downloading apps i know nothing about?

how can i get charges for in app purchases when this feature is disabled?

i've asked apple to delete my cards from my itunes account... what else could i do to make sure this doesnt happen again? is there an app in my phone that people can use to use my phone??

im not techy, im confused and worried. should i tell my bank?

thanks in advance for any help

blinkie, the iTunes store and iPhones can be confusing as to how they both work together.

Here is a good place to start with familiarizing how the store works:

http://www.apple.com/support/itunes/purchases/

It is a great resource that may answer some questions. Good luck and I hope this helps!

Same same. I live on my my own and my laptop and phone have been with me the whole time. How has this happened? And how can I stop it from happening again. I just checked and my receipt says in app purchase. I don't even know what this means. Does it mean I was supposedly in the app and using it when I made the purchase. I didn't even have the app on my phone but like you blinkie I awoke to it trying to download on my iPhone with the battery drained. I have a really poor signal where I live (no 3G) so it never actually fully loaded to my phone, but as soon as I got up and logged into iTunes to change my password and change my account details to none, it immediately downloaded onto my iTunes? Whiskey Tango Foxtrot?

I searched high and low for a UK Apple telephone number to call but couldn't find one I have managed to schedule a call back although the earliest I could get was for tomorrow at 5.30pm. It's very poor in terms of customer service as far as hacking and fraudulent activity on accounts is concerned. I am one very unhappy Apple customer right now and I want answers. How did this happen? How can I be sure this won't happen again? Are Apple products now finally open to hacking and viruses and all the other joys of modern internet usage?

I'll update you once I've spoken with Apple tomorrow. What explanation did Apple give to you blinkie? I think one of these days I am going to bid farewell to modern technology. It causes me too much stress!

ps - how do I disable in app purchases on my phone please blinkie?

Thanks Mark for your reply. Just a couple of things - what is wrt? I also don't understand your last sentence. Are you telling me to use my mother's maiden name as a security question for iTunes? Thank you

I've cancelled all my cards now so presumably whoever it is won't be able to buy anything more as they won't work :/ And that's the last time I'll be purchasing anything with any sort of card on iTunes.

I presume whoever hacked my iTunes account now has my full name, address and telephone number as it clearly shows this on the account page

As has been said numerous time in this thread, phone support is not available from Apple. You need to go to ExpressLane and fill out the form to get things started. That will get you through to the iTunes fraud unit, something the regular Apple Support folks won't be able to easily do for you.

Sounds like you have already done the most important thing by contacting your Credit Card company. You should also make sure that your credit reporting agencies put a freeze on your accounts so that the thieves can't use them to obtain a card in your name. You should assume that the thieves have the information from your account now.

There doesn't seem to be a single answer as to how this is happening.  Some accounts are clearly being hacked, probably by guessing the password.  In my wifes case, they never touched her account, having gotten her card number by some other means and simply using it in somebody elses account to make charges.  Others have had their gift card immediately drained only a few minutes after it was first used.  Many users have found themselves locked out of their accounts because the thieves changed the password.  Once they got back in they found that all the personal information and the credit card number had changed.

Don't expect to get any detailed information from Apple on how this happend.  They told me to have my lawyer contact their legal department with a court order in order to receive anything at all beside a refund.

blinkie and njb72, you don't need to provide your phone number to have an iTunes account. You can also remove all your credit card info from your iTunes Store account page. That way, with all purchases you will need to manually enter your credit card info each time. As for purchases auto downloading to your iDevice, the link I provided answers that and much more. Here is a direct link:

http://support.apple.com/kb/HT4539

Auto downloading of apps with all devices that share an Apple ID is a feature of iTunes, that can be easily turned off. It just takes a little time read the instructions on how the software works and how you can customize it to your likes.

Apologies Madmacs - I hadn't read through the 121 pages of posts :/

I have been reading through a few earlier posts just now though and this has totally freaked me out even more :( What is compromised in terms of security - is it my laptop or my phone. Or both? I'm laying here in bed at 2.23am having a total meltdown worrying about all the info that can be accessed on my phone. Do these people now have full access to the content of my phone including my hotmail (which contains a lot of password info for online credit card accounts etc), my notes, my reminders, my contacts etc etc.

I can't understand how they got my password and whats to stop them from getting it again? I feel sick with anxiety. And if they somehow managed to see the keystrokes needed to access my iTunes then presumably they can see the key strokes for every other login and password I use. My head hurts :(