iTunes store account hacked
On November 23, 2010 I purchased a single song from the iTunes store for .99. I used store credit that I had from a gift card I received last year. It was the first purchase I had made since July 2010.
On November 25, 2010 I received a receipt for 2 more separate orders to my account. These were for over $50 in iPhones apps. Here's a sampling of some of the purchases:
1 eREAD isoshu, v1.5, Seller: ChengDu YueTong Internet Information Co. Ltd (17+)
2 Plants vs. Zombies, v1.3, Seller: PopCap Games, Inc. (iDP)
3 Monkey Island 2 Special Edition: LeChuck's Revenge, v1.1, Seller: Lucasfilm International Services Inc.
4 Asphalt 5, v1.2.6, Seller: Gameloft (9+)
5 Let's Golf!® 2, v1.0.1, Seller: Gameloft (4+)
6 Frames & FX for Photos, v2.5.1, Seller: Imikimi, LLC (12+)
7 Stenches: A Zombie Tale of Trenches, v1.0.1, Seller: Thunder Game Works (9+)
I do not have a credit card linked to my account, so these were made using my store credit.
I have only 1 computer authorized for my account (my personal home computer). I live alone and no one else touches my Powerbook but me. I also DO NOT own an iPhone, so I would have no interest in apps.
After I saw these bizarre purchases, I checked my account. I noticed 2 strange things: My account information had changed: My street address was correct, but city, state and zip had changed to: Towson, MD 21286-7840. I have never lived in Maryland. Also, I noticed that my password recovery answer had changed to "Murray" in response to a question about my mother's maiden name. That's decidedly NOT my mother's maiden name. Also, my birthdate had changed to an incorrect month and day.
I immediately changed my password and my recovery question/answer challenge.
I reported problems on all of these purchases and also contacted iTunes Account Support by e-mail.
Within 24 hours I received an e-mail from "Vicki" at iTunes Customer Support. She wrote:
"When reviewing over your account "name@domain.net" and the two reported orders, it shows that the content purchased within them was acquired from the computer that is currently authorized for your iTunes account. So I strongly advise that you do consult with those in your household regarding the purchases made, and the charges that resulted from those purchases."
Further:
"I have gone and reversed the charges for the two orders....You will see a store credit in three to five business days....Please note that this is a one-time exception, as the iTunes Store Terms and Conditions state that all sales are final."
I am pleased that Apple is refunding my store credit and replied so quickly.
However, it is simply impossible that these purchases were made from my computer. Again, my Powerbook is the only computer I have ever authorized to access my account, and I am the only person with access to it.
I am not sure how this happened. Any thoughts or similar experiences?
Powerbook G4, Mac OS X (10.5.8)