stereocourier

Q: iTunes store account hacked

I'm posting this just to share my story and get reactions. It's a little detailed but I thought worth sharing.

On November 23, 2010 I purchased a single song from the iTunes store for .99. I used store credit that I had from a gift card I received last year. It was the first purchase I had made since July 2010.

On November 25, 2010 I received a receipt for 2 more separate orders to my account. These were for over $50 in iPhone apps. Here's a sampling of some of the purchases:

1 eREAD isoshu, v1.5, Seller: ChengDu YueTong Internet Information Co. Ltd (17+)
2 Plants vs. Zombies, v1.3, Seller: PopCap Games, Inc. (iDP)
3 Monkey Island 2 Special Edition: LeChuck's Revenge, v1.1, Seller: Lucasfilm International Services Inc.
4 Asphalt 5, v1.2.6, Seller: Gameloft (9+)
5 Let's Golf!® 2, v1.0.1, Seller: Gameloft (4+)
6 Frames & FX for Photos, v2.5.1, Seller: Imikimi, LLC (12+)
7 Stenches: A Zombie Tale of Trenches, v1.0.1, Seller: Thunder Game Works (9+)

I do not have a credit card linked to my account, so these were made using my store credit.

I have only 1 computer authorized for my account (my personal home computer). I live alone and no one else touches my Powerbook but me. I also DO NOT own an iPhone, so I would have no interest in apps.

After I saw these bizarre purchases, I checked my account. I noticed 2 strange things: My account information had changed: My street address was correct, but city, state and zip had changed to: Towson, MD 21286-7840. I have never lived in Maryland. Also, I noticed that my password recovery answer had changed to "Murray" in response to a question about my mother's maiden name. That's decidedly NOT my mother's maiden name. Also, my birthdate had changed to an incorrect month and day.

I immediately changed my password and my recovery question/answer challenge.

I reported problems on all of these purchases and also contacted iTunes Account Support by e-mail.

Within 24 hours I received an e-mail from "Vicki" at iTunes Customer Support. She wrote:

"When reviewing over your account "name@domain.net" and the two reported orders, it shows that the content purchased within them was acquired from the computer that is currently authorized for your iTunes account. So I strongly advise that you do consult with those in your household regarding the purchases made, and the charges that resulted from those purchases."

Further:

"I have gone and reversed the charges for the two orders....You will see a store credit in three to five business days....Please note that this is a one-time exception, as the iTunes Store Terms and Conditions state that all sales are final."

I am pleased that Apple is refunding my store credit and replied so quickly.

However, it is simply impossible that these purchases were made from my computer. Again, my Powerbook is the only computer I have ever authorized to access my account, and I am the only person with access to it.

I am not sure how this happened. Any thoughts or similar experiences?

Powerbook G4, Mac OS X (10.5.8)

Posted on Nov 28, 2010 3:45 PM

  • by Chris CA,

    Chris CA May 10, 2011 3:52 PM in response to michael from colorado
    Level 9 (79,692 points)
    iTunes

    michael from colorado wrote:

    Telling customers to quit complaining, just means the issue has probably not gotten the attention of someone high enough up in the company to get a real resolution. 

    Don't see where anyone is telling people to "quit complaining".

  • by jnottingham13,

    jnottingham13 May 10, 2011 4:29 PM in response to arcane93
    Level 1 (0 points)

    Same exact thing happened to me...not sure how it happened because my password is secure and I am very cautious about how I go about my iTunes purchases, etc... I don't have a credit card on file, I use gift cards and received an email that I had purchased this:

    Brotherhood: Ultimate Guide, v1.0, Seller: gao jing - $1.99

    Cheats Guide for Black Ops, v1.0, Seller: gao jing - $0.99

    both are SoftStar applications.

    I contacted Apple about it and they refunded the purchase, but never mentioned that it has been happening to others too...sounds fishy to me.

  • by tfangel,

    tfangel May 11, 2011 3:37 AM in response to dogcutter
    Level 1 (0 points)

    Just noticed this happened to me a couple days ago too, exactly as said by everyone else. Kamagames poker, never downloaded a game by them, $22.98 drained. I had put a gift card that I got from my Barclay iTunes card on a couple days before. Never had a hack happen before or since. Random password of numbers and characters. Changed it already, but it also had my city as somewhere else. I rarely purchase things, but I tried to get something at $.99 and it told me I didn't have enough, I only had $.98, so I checked my purchase history.

    I'm boggled why they don't just ditch Kamagames out of the store, and ban everything they do. They clearly are part of it. I'm also thinking the gift cards are somehow "tainted" too, as so many have just used them before being hacked.

  • by rynnna,

    rynnna May 11, 2011 6:39 AM in response to tfangel
    Level 1 (0 points)

    Just had my account hacked for "kingdomconquest" and "texaspoker" as well. A bunch of charges all ranging from $22-43.99. But the weird thing.... in iTunes it says my account balance is now $111.25 and before this hacking, I don't think I had much of a balance at all. I could be wrong though. Confused...

  • by tanny_man,

    tanny_man May 15, 2011 10:18 AM in response to tfangel
    Level 1 (0 points)

    Same thing happened to me on May 12/13.

    I redeemed £70 of iTunes gift cards last weekend, didn't spend any then but logged on today to see my account drained and Poker apps purchased along with loads of in-app chip purchases.

    I changed my Apple ID password and reported it. My concern is this could be related to the recent PS3/PSN network hack - I used the same credentials (dumb I know) and forgot to change my Apple ID password. Anyone else think the same or is some other vulnerability?

  • by Chris CA,

    Chris CA May 15, 2011 12:08 PM in response to tanny_man
    Level 9 (79,692 points)
    iTunes

    tanny_man wrote:

    My concern is this could be related to the recent PS3/PSN network hack - I used the same credentials (dumb I know) and forgot to change my Apple ID password.  Anyone else think the same or is some other vulnerability?

    It's simply a coincidence.

    I don't see how it could be related unless your AppleID is the same as something in your PS3/PSN network and they also knew you had an iTunes account with a balance.

    They wouldn't simply start searching the PS3 info then seeing if they can get into an iTunes account with the same info.

  • by rossjames,

    rossjames May 16, 2011 9:06 AM in response to stereocourier
    Level 1 (0 points)

    Similar issues. Topped up with £15, made a purchase or two, then next time I launched iTunes I spotted kingdom conquest was automatically downloading and store credit wiped. Checked history and it was in-app purchases. Odd thing is that my bank details were already removed from my account. Also noticed there's an extra computer now authorised to my account. Major confidence dropped with Apple. Simple search in Google shows the scale of this issue.

  • by rossjames,

    rossjames May 16, 2011 9:25 AM in response to rossjames
    Level 1 (0 points)

    Sorry, forgot to mention I've submitted an online request to investigate it. My password isn't the easiest nor my secret questions. Also really anal with antivirus and firewalls! Something is getting through the loop.

    Why did they only spend the value of my store credit? How did my bank card details remove themselves from my account..

    Do Apple have to deauthorise all of the computers against my account? I know how to do it on the particular device.. But I don't have access to the hacker's computer to deauthorise them!

  • by gnahc79,

    gnahc79 May 16, 2011 11:14 AM in response to rossjames
    Level 1 (0 points)

    My account got hacked a few days ago too:

    Texas Poker, 500k chips, Seller: KAMAGAMES LTD $9.99

    I only use gift cards, last time was back in Feb of this year. Customer care issued a credit refund instead of refunding my credit card. I replied asking them to refund to my cc. If they don't I'll call my cc company to do the refund and then close my iTunes account.

  • by sclar12,

    sclar12 May 16, 2011 12:26 PM in response to stereocourier
    Level 1 (0 points)

    I had a $40 gift card balance and Kingdom Conquest just hacked me today with a $38 charge. Obviously this has been an issue for quite a while with no solution in sight. Very disappointing. I hope I get my money back.

  • by Brad Schurman,

    Brad Schurman May 16, 2011 12:52 PM in response to gnahc79
    Level 1 (135 points)

    It appears to me even more similarities between customers include some of the following:

    - Apple blaming the user for 'accidental purchases', not dealing with the problem as a hack or calling any of this a 'problem'; moreover claiming each person is having a unique and undignified exclusive issue.

    - A few particular 'apps' (never music?) are commonly abusive ways of ripping off people.. like a poker app in particular or some oddball game ones I won't give free advert to.

    - The Apple so-called 'support services' email-based overseas spends little or no time at all reading the emails. (Seriously, can they even understand the language? The responses are so off base all the time). Doesn't matter if you have CC action numbers to include, or an FBI file register number on a detailed accounting, they respond with a step by step script that has nothing to do with anyone's particular case at all. It is never helpful, never supportive and never 'solves' the problem. I did far more in proactive and reactive action than those talking heads ever outlined on the emails.

    - Unless people are not mentioning crime activities using their CC OUTSIDE OF APPLE, it appears to me this crime is being committed only WITHIN the Apple system and confined to the limitations of either the gift card or C card limits/credits. It's almost like they can freely and easily access ANYONE'S iTunes/Apple ID account and purchase Apple things, but they can't do anything else outside the system.

    So perhaps in fact the CC info is actually protected, the use of the system that automatically BILLS this information ISN'T.

    Why aren't limits used to the max on something really worthwhile like a car or jewels or goods? Why crap apps like a poker app, that clearly is being exchanged for money in a commerce like way, but nothing that shows abuse being turned into hard currency that can be used on anything a crook would rather prefer to have?

    Why?

    I'm asking why here because Apple is REFUSING to discuss or deal with the problems at all (just shut down and refund), no one is considering the oddity of it, and no one but the victims seem to be addressing the problem as anything but 'irregularities'.

    My CC appears to not have had a single debit outside of the Apple problem, months after the initial abuse. I am not going to 'get another CC card' as Apple pretends is the solution.

    I believe wholly the problem is an inside flaw in iTunes accounting, Apple's system of commerce, or otherwise an inside job. There is no other logical conclusion when it is confined JUST to the data they are storing in their commerce data banks.

    "Apple shall not be responsible for any losses arising out of the unauthorized use of your Account."

    This part of one of their EUA's says it all. At no time does Apple ever seem to outline any accepted responsibility to anyone for anything; they put all losses, problems, issues, debts and hack attacks on the customers' shoulders, is how it reads to me.

    This being stated up front, I now will learn to live without ANY Apple product or service that requires me to leave sensitive information with them that can be abused against me, as Apple has written clearly they do not want or have to protect me or solve any Apple-related problems that affect me. A secondary approach might be to take the existing account that doesn't have the CC stored with Apple, activate it with CC data ONLY for the few minutes it takes to get a purchase done and a PO number from Apple, then withdraw the CC data immediately after.

    Heck of a hassle and complex way of doing business for just a dollar song or app, but obviously necessary.

  • by gnahc79,

    gnahc79 May 16, 2011 1:15 PM in response to gnahc79
    Level 1 (0 points)

    Oops, just to clarify my post. Turns out I never added my cc on file to my iTunes account (yay) and the hacker just cleared out the gift card balance. I got the refund, a one time exception as stated by the copy/paste response. Good thing I don't make any app purchases and only a rare song purchase since I only have an old 5th gen iPod video.

  • by MomawNadon78,

    MomawNadon78 May 16, 2011 1:23 PM in response to Brad Schurman
    Level 1 (0 points)

    I agree with Brad's thoughts on this. I have already uninstalled any app that stores any personal info or ties to personal info from both my iPhone as well as iTunes as well, because my entire exchange - plus this thread - has shown me that Apple's security is not anything to have trust in. I'm not sure which part is breached where, but I'm not taking any chances with anything being exchanged between my iPhone, iTunes, and Apple's databases.

    For anyone new to this thread, you will more than likely have your credit returned by Apple. I suggest spending it as soon as you can, as much of it as you can, to protect yourself from having this type of attack from happening again.

  • by michelleZ,

    michelleZ May 17, 2011 6:41 PM in response to stereocourier
    Level 1 (0 points)

    I have the exact same problem. I just checked my iTunes account after not using it for several months and found that my account's been changed around to Towson, MD and the game kingdomconquest was bought.

    I called a rep but they weren't really helpful. They just kept me on hold for a long time and kept sending me to different reps who all said the same thing...and sent me to another rep.

  • by tfangel,

    tfangel May 17, 2011 7:05 PM in response to michelleZ
    Level 1 (0 points)

    I'd like to follow up on my experience, I filled out the form on the support web site, next day or so got a response, and got back to them on the weekend. Not counting the weekend where I'm guessing they weren't working, it only took a couple days to refund the amount, lock the account, then have me verify it was me, reopening my account. They didn't imply it was "my fault" for being hacked, a little sad about the 'one time only' thing, as hopefully it won't happen again, but concerned if it does I'll be out of luck.
