Q: iTunes store account hacked

UPDATE!

I have had all my credit re-embursed, and so far...no more "attacks"

Peter - How long did it take?

I made the first report on the 25th, and got a reply on the 26th instructing me what to do.

I made a second report of the second attack on the 26th.

Had no response on the 27th

Got everything sorted...so far....on the 28th

Update--

I notice the fraudulant charges on my account Sunday the 26th and reported them. Today the 28th all the money has been credited to my account and they are in the process of reenabling my account.

UPDATE: I received an Email from Apple about 36 hrs later(reported 25th). Basically saying that they would refund my purchases despite the "all sales are final" clause.   They have reactivated my Itunes Account but I think someone has been trying again to break my password.  PAYPAL has not fixed it it on their end yet nor have they tried to take it from my Checking Account.    I mentioned in my response to Apple that they have a problem and need to address it.   Their response in Re-Activating my Itunes did not mention any Security concerns I raised with them.   

I will not be keeping any payment info with them.

I was hit with 3 purchases around $114. There would have been more if I hadn't been close to my phone to see the purchases.

This happend to me at the end of May (KAMAGAMES Texas Poker).  Account got hacked, stole the rest of my gift card.  Worked with Apple, got reimbursed, changed my password, security question, removed my CC info...

HOWEVER:  I can no longer update any of my apps, which were legitimately purchased by me, and have been working for weeks to get an answer as to why from my customer support person, Jessie.  We now have this ridiculous email relationship where she is ever so sorry for my frustration and ignores my basic question of why I can't update my apps--and how can that be fixed.  I'm sure it can't be at this point, right?  Otherwise she would have explained it.

Can any of you still update your apps after your hacking?  If so, how did it work?  Just like normal--before you got hacked?

It's completely angrifying that Apple is ignoring this major breach.  I am beyond ******.  I wish I had another option besides iTunes....  Sigh. 

I just realized today that my account was hacked similar to the others (purchases on 6/27, 6/28, and 6/29 [tomorrow?]), all being paid through my PayPal.  Good thing PayPal noticed the odd transactions and halted payment.  They each were for about $40+, probably trying to keep below a $50 gift card style limit.  There are also currently $36 in queue, so I guess a total of five attempts at slightly less than $50 each.

I called Apple, spent a long time trying to talk to a human, finally got one and she just directed me to the web site / send an email, which I did.  Now I wait 24 hours to determine the resolution.

I called PayPal, and they are stopping all payment to Apple.  Yay PayPal!  From this point forward, I will be removing PayPal from my iTunes account (no fault of PayPal, they are great) and using store purchased iTunes gift cards.  Just want to limit my exposure in the future.

Changed all my passwords, so that should stop any future bleeding.  Unfortunately, there are a total of four computers authorized for my Apple ID, and I only have three, so I am going to try to find one more PC to install so I can de-authorize all.  Seems odd that I can't kick one off, like I can with Netflix.

On top of all this, I am out of town on vacation.

The common thread was the World War app, v1.54, Seller:  Storm8 LLC was common to every one of my unauthorized purchases.  I remember updating my apps and the list showed accurate on my iPad, but somehow the app (?) must've sent my info to someone and they've been trying to buy stuff.

I have not updated my apps and won't until I get this resolved through Apple and transfer over to iTunes gift cards.

Good luck to all, I'm going to do some housecleaning on my apps.

Couldn't edit my previous post, found this link:

http://www.tuaw.com/2011/06/08/itunes-fraud-surge-hits-gift-card-balances-paypal -accounts/

At least it makes me feel less targetted... 

Update: I received my credit back within 2-3 days and the customer service was very nice even emailed back after everything to make sure everything is working fine. I am very happy!  

I will say this, to be safe. Always buy a pre-paid gift card to make any purchases, that way, it is easier to take care of if anything goes wrong.

How is it safer to always use a gift card when this issue is only happening to gift card balances (and Paypal linked accounts)?

Go back through the thread.  I posted on May 28/29th.  It IS happening to gift cards as evidenced by my account.  Daughter went to download songs/apps using a giftcard balance, we are trying to live on cash basis only, and it was drained.  ITunes did refund within 24 hours, I reactivated account, but as previous posters have stated and I've started doing.  We now keep a "wish list" and when we have enough to use a balance on a card we enter and purchase. 

I buy a pack of smaller denominations at Sam's  Club and when we have $10 we use  a $10 card, of course you can use other amounts but that works for us with one teen and 2 adults purchasing so no loss.

I'm not real sure why you replied to me about this. That's exactly what I said; this is happening to gift card balances (in response to the previous poster saying they were going to combat this problem by using gift cards).

  Near the time frame I was hacked and started researching, before it became so "epidemic", credit cards were hacked as well, reading through the posts there was a trend of purchases on hacked accounts being traced to Maryland. 

However the original point still stands - not having a linked account prevents any additional loss and it IS better/safer to use a gift card if used all at once, and if not, you only stand to lose the remaining balance and it involves one email/call to fix, and hopefully get your refund.

Lori is absolutely right.  Use a gift card with just as much as you need to make your purchases and do not have any additional funding sources tied to your iTunes account.  Since my account was hacked a few weeks ago, I have read horror stories about funds being drained from debit cards, credit cards (Visa and Amex) and PayPal.  If you are linked to any other funding sources besides your iTunes balance, you are vulnerable.

Let me say that after my account was hacked, Apple did me right by refunding my iTunes balance (plus a couple of bucks, for some reason) and PayPal reversed the $90+ bucks that was stolen.  So I'm good now, with a new user name, changed password and security questions and no outside funding sources.  This is still troubling for so many reasons, though, mainly that this keeps happening to so many people and that Apple doesn't seem to have any comment. 

I'm afraid that the story at http://china.globaltimes.cn/society/2011-01/609351.html is accurate, because it seems to follow the modus operandi of these hackers: get in, spend a little bit in small increments, and get out, without causing a disturbance.  The accounts aren't being individually hacked, but hacked in large scale and then sold one by one in China.  At first I thought that maybe the points/coins/credits within the games were being sold for profit.

Hello everyone,

Sadly, I have to add to the list. I awoke this morning with three e-mails from Apple.

1)

Hello,

The following information for your Apple ID XXXXXXX was updated on 29/06/2011:

Credit card

If these changes were made in error, or if you believe an unauthorised person accessed your account, please reset your account password immediately by going to iforgot.apple.com.

To review and update your security settings, sign in to appleid.apple.com.

This is an automated message. Please do not reply to this email. If you need additional help, please visit Apple Support.

Thanks,

Apple Customer Support

2) & 3)

Dear XXXXXXXX,

Your Apple ID, XXXXXXXXXX, was just used to purchase 帝國 Online from the App Store on a computer or device that had not previously been associated with that Apple ID.

If you made this purchase, you can disregard this email. This email was sent as a safeguard designed to protect you against unauthorised purchases.

If you did not make this purchase, we recommend that you go toiforgot.apple.com to change your password, then see Apple ID: Tips for protecting the security of your account for further assistance.

Regards,

Apple

I know that I have not responded to any phishing e-mails or could have compromised my account in any other way. This must have been a direct hack on the iTunes Store. My credit card details were deleted and $23.99 was stolen to make this in-app purchase. Of course, I have immediately changed my password and e-mailed Apple - not easy to find out how to do this - except thanks to this thread. I phoned Apple Australia but they were powerless to help. Thankfully, no credit card transactions have resulted. I await a reply from Apple.

This is a very worrying situation. I am already unhappy with Apple over dropping some vital features as a result of closing MobileMe, so now will stop being an Apple evangelist....at least until they start looking after their faithful customers better!  Let you know if I get my credit back!