stereocourier

Q: iTunes store account hacked

I'm posting this just to share my story and get reactions. It's a little detailed but I thought it worth sharing.

On November 23, 2010 I purchased a single song from the iTunes store for .99. I used store credit that I had from a gift card I received last year. It was the first purchase I had made since July 2010.

On November 25, 2010 I received a receipt for 2 more separate orders to my account. These were for over $50 in iPhone apps. Here's a sampling of some of the purchases:

1 eREAD isoshu, v1.5, Seller: ChengDu YueTong Internet Information Co. Ltd (17+)
2 Plants vs. Zombies, v1.3, Seller: PopCap Games, Inc. (iDP)
3 Monkey Island 2 Special Edition: LeChuck's Revenge, v1.1, Seller: Lucasfilm International Services Inc.
4 Asphalt 5, v1.2.6, Seller: Gameloft (9+)
5 Let's Golf!® 2, v1.0.1, Seller: Gameloft (4+)
6 Frames & FX for Photos, v2.5.1, Seller: Imikimi, LLC (12+)
7 Stenches: A Zombie Tale of Trenches, v1.0.1, Seller: Thunder Game Works (9+)

I do not have a credit card linked to my account, so these were made using my store credit.

I have only 1 computer authorized for my account (my personal home computer). I live alone and no one else touches my Powerbook but me. I also DO NOT own an iPhone, so I would have no interest in apps.

After I saw these bizarre purchases, I checked my account. I noticed 2 strange things: My account information had changed: My street address was correct, but city, state and zip had changed to: Towson, MD 21286-7840. I have never lived in Maryland. Also, I noticed that my password recovery answer had changed to "Murray" in response to a question about my mother's maiden name. That's decidedly NOT my mother's maiden name. Also, my birthdate had changed to an incorrect month and day.

I immediately changed my password and my recovery question/answer challenge.

I reported problems on all of these purchases and also contacted iTunes Account Support by e-mail.

Within 24 hours I received an e-mail from "Vicki" at iTunes Customer Support. She wrote:

"When reviewing over your account "name@domain.net" and the two reported orders, it shows that the content purchased within them was acquired from the computer that is currently authorized for your iTunes account. So I strongly advise that you do consult with those in your household regarding the purchases made, and the charges that resulted from those purchases."

Further:

"I have gone and reversed the charges for the two orders....You will see a store credit in three to five business days....Please note that this is a one-time exception, as the iTunes Store Terms and Conditions state that all sales are final."

I am pleased that Apple is refunding my store credit and replied so quickly.

However, it is simply impossible that these purchases were made from my computer. Again, my Powerbook is the only computer I have ever authorized to access my account, and I am the only person with access to it.

I am not sure how this happened. Any thoughts or similar experiences?

Powerbook G4, Mac OS X (10.5.8)

Posted on Nov 28, 2010 3:45 PM

Page 24 of 131
  • by ironMB, Jun 1, 2011 9:34 AM in response to stereocourier
    Level 1 (0 points)

    Another "me too". Just added a $25 gift card I received yesterday, and this morning it was cleaned out. It was "-KingdomConquest", along with a bunch of in app purchases. The number of authorized computers seems correct. I have changed my password today, and used the support request on the web site to request a refund. This *****, Apple knows it does, and so do the Apple fans who want to ignore everything negative about the way Apple products work, and the way Apple does business. Why doesn't Apple allow us to see which device made the download of the app? Or the exact date and time, and IP address?

  • by johnfromwilmington, Jun 1, 2011 9:57 AM in response to brennokbob
    Level 1 (0 points)

    Same thing happened to me on May 26. Wiped out the remainder of a $25 gift card with a Poker App from Kamagame. Reported it yesterday and waiting for support response . . .

  • by carboncanyon, Jun 1, 2011 9:57 AM in response to ironMB
    Level 1 (15 points)

    There are ways for the hackers to disguise their IPs, etc. but it should be perfectly clear to Apple that the number of reports of fraud related to unauthorized "KingdomConquest" purchases on gift cards shows a clear pattern of the system being compromised.

  • by MomawNadon78, Jun 1, 2011 1:08 PM in response to carboncanyon
    Level 1 (0 points)

    All of you that have had this happen recently should receive your gift money back while enduring your accounts being deactivated and your reactivating them, as well as any computers you previously had authorized. I suggest using up the gift card money as soon as possible because there have been reports of second attacks cleaning out accounts after being reactivated by Apple. It's amazing to see how this entire situation is not reported.

     

    As a matter of fact, without any prompting, my account was deactivated again over the weekend, causing me to reset it, my password, my security question, and personal info. I'd try to push this against Apple, but I know I'll run into the same wall as I previously had, and have to reset my info yet again while they supposedly look into the problem, probably ending up with another 5 free songs offer to make me complacent yet again. Instead, I'm going to finish out my current contract and never use Apple again.

     

    Good luck to the rest of you.

  • by carboncanyon, Jun 1, 2011 3:31 PM in response to MomawNadon78
    Level 1 (15 points)

    Should because that's how it worked out for you? Or should because it would be the right thing? How long did it take them to get back to you about the situation?

  • by MomawNadon78, Jun 1, 2011 4:31 PM in response to carboncanyon
    Level 1 (0 points)

    It took a day for me to get a reply back from Apple support. It took 3 or so days before I got my refund. Outside of that, I detailed my efforts at getting more feedback/support earlier in this thread.

  • by lusid, Jun 1, 2011 5:47 PM in response to MomawNadon78
    Level 1 (6 points)
    iPhone

    I also had my account deactivated over the weekend.  Apple offered no explanation, but I presume this was an attempt to drain my account again.  It took 3 days to recover the account this time, and another round of changing passwords and security questions. 

     

    Now I have my credits, but I'm not in a buying mood and I missed the holiday sales.

  • by Another Unhappy Denizen, Jun 2, 2011 12:45 AM in response to stereocourier
    Level 1 (0 points)

    Just got an email re: a Kamagames on an account I haven't touched in YEARS. I've never been a fan of iTunes, only made the account because I got a free gift-card. Thank goodness I never associated any credit/debit card info to it. Now I'm dealing with setting up a virtual machine just to install iTunes simply because I don't want that p.o.s. on my system, and evidently you MUST use iTunes to manage your account (flaw anyone?). Anyway, from the research I've done into this thus far, I'm going to propose the following: It seems as though there have been a few under-the-radar hacks of Apple's iTunes account lists (under-the-radar to the press at least, who knows if Apple is aware) over the last few years, and that is what has led to the ability for hackers to sell accounts on TaoBao. This is the first time I have had ANY of my accounts hacked (15+ years in IT), and it seems unlikely to me with the timing on these posts that brute-force hacks just so happened to nail large numbers of accounts simultaneously (especially with the many people stating they have complex passwords). As a result, I'd follow my standard recommendations: Utilize a masked email address that is forwarded to your main address. Use a unique password. Limit personal info listed. And finally, do NOT associate a real money account to your iTunes account.

     

    There's my piece and report, enjoy the $10 I never would have spent (although it is interesting that they were able to charge that much, I thought I only had a $10 card, and had spent $2.)

  • by carboncanyon, Jun 2, 2011 7:17 AM in response to Another Unhappy Denizen
    Level 1 (15 points)

    I've just received another invoice for another 3 -KingdomConquest- purchases totalling $29.97 on my account even though they wiped the $75 in gift cards I had on Sunday down to 0.05¢. And I've still gotten zero response from Support.

  • by jasonfrommountain top, Jun 2, 2011 11:58 AM in response to carboncanyon
    Level 1 (0 points)

    They got me too. $80 in gift cards and I'm down to .53 cents. Still waiting to hear back from Apple. Emailed them yesterday. This *****.

  • by Jake74030, Jun 2, 2011 4:42 PM in response to Another Unhappy Denizen
    Level 1 (0 points)

    What do you mean with setting over a virtual machine to get rid of that £<<~><!~>?

  • by ap11, Jun 4, 2011 7:28 AM in response to lusid
    Level 1 (0 points)

    It happened to me as well: $15 gone to poker chips for a KamaGames LTD app.  I'm suspecting a rogue app on my iPod Touch, and here's why.  I entered a gift card for $15 through the iPod, and less than two days later, the money was gone. The hackers either had to have a very sophisticated monitoring program which could scan compromised accounts, regularly checking for credit, or they would have to be notified when store credit was added to the account.

     

    As to your question about how these hackers are making money, they simply sell the credit at a better exchange rate to current players of the game for real money. The most critical reviews of the Texas Poker game on the iTunes Store were complaining of the practice.

  • by Wyllyam, Jun 7, 2011 4:54 AM in response to trailbossc
    Level 1 (0 points)

    I wonder how many people in this thread have reported this issue to their local authorities...

  • by Craig Williams, Jun 7, 2011 10:39 AM in response to stereocourier
    Level 1 (0 points)

    This happened to me today.  I woke up to several emails telling me about payments from my PayPal account.  Upon investigation, I found that a free app called Kingdom Conquest had been "purchased" (quotes because it was a free app) and subsequently several purchases of credits/coins/whatever were made through my iTunes account.  They dinged me for about $100 from PayPal and wiped out my iTunes balance as well. 

     

    I have filed disputes with PayPal and reported this to Apple.  I heard back within an hour from Apple, and they refunded my credit balance.  Kudos to them for doing that.  I have changed my iTunes password and username.  Bizarrely, the hacker (if that's what it was) didn't attempt to lock me out of my account.  Thank goodness for that.  Be aware, however, that this is ongoing.  I was not phished.  I have a long, complicated (but not random) password.  Still, they got access to my account.

     

    Best advice I have outside of disabling your iTunes account is to completely remove any attached credit cards or bank accounts.

  • by pa_drumz, Jun 7, 2011 1:00 PM in response to stereocourier
    Level 1 (0 points)

    My account got drained to the tune of $140. It was worse because I had set up my PayPal account and linked it with my iTunes account, so it drained through PayPal. The positive of that was PayPal reimbursed me, but I haven't unlocked my account so the 140 is still sitting there.

     

    I went to go get food somewhere, and my debit card had been declined. Freaking out, I ran home and started looking at bank stuff. Seeing withdrawals from PayPal in $20 increments amounting to $140, and from my PayPal account, I was furious. Is Apple going to do anything?
