Q: iTunes store account hacked

And this is why I'm really starting to think it's either an inside job, Someone AT apple selling/trading/leaking iTunes info to a bunch of scum. (Apple isn't immune to disgruntled employee's)

Or there is a security hole in either Apple's website, or iTunes itself.

I use Firefox.. i rarely fire up Safari so i don't think it's a safari.

As I stated earlier, I changed my password the first time at iforgot.apple.com, then entered the new password into iTunes to check the purchase history etc.

an hour after that... Password was changed again, and the $40 in purchases made.

I never put the new password in my iPhone, and honestly until about an hour ago... not on my iPad either.

outside of logging in here, I haven't used the new password outside my MBP. (on my iMac now) but still haven't used the new password in iTunes on my iMac yet. JUST the MBP.

As someone pointed out earlier, it could be phishing.. But i doubt it.

I got the 2nd email saying a free purchase has been made, right after the first saying my password was changed. And i did verify that purchase was made... All I had to do was see it was downloading to my iPhone as i read the e-mail. (app sync turned on)

Still no word from Apple.. Not looking good.

This isn't the case. coming from within apple people's account and credit cards are hacke dall the time. By many different things . I tunes will reply to you.If not call apple refuse to email anyone and demand they do a chat with itunes through that chat service (this is availabe you justneed to scream about it) your account is not very well protected if your getting hacked. password ect. But people are hacking people's account yes. How, we don't know. same way a credit card number gets hacked on the net. People are smart and getting smarter .

Would like to give an update to all here.

Little over an hour ago i received a response from Apple. They agreed i did not make the purchases, and will refund my account for the amount stolen in the next 3-5 days.

98% of my faith in Apple has been restored!

the other 2% will be when Apple figures out how this happened to all of us, fixes the problem, and those responsible are taken care of.

So there is still hope for the rest of you.

$40+ hacked from my account for the KingdomConquest App.

Had everything put back after apple reset my account.

Apple support said the best thing I could do to bring this problem to greater attention at apple is to submit the feedback form and pass on the link to others with the same problem. Here's the information I was given:

Please know that Apple takes the feedback from our customers very seriously. This is the reason for our feedback page - to create a forum where our users can vent, praise or share whatever feelings they have to allow us to meet your needs, and grow as a company.

I took the liberty of submitting your feedback to Apple on your behalf. I would also encourage you to share this link with all of your friends and family who wish to submit the feedback, and have them all submit the same request.

Here is the link for you.

HYPERLINK "http://www.apple.com/feedback/itunesapp.html"

I know sometimes it feels as though submitting feedback will not yield results, so I will also invite you to check out the following link.  This is a letter from Apple's CEO addressing customers who purchased an iPhone very early on at $599, then the price went down to $399 shortly after. Mr. Jobs heard our customers and Apple responded accordingly.

HYPERLINK "http://www.apple.com/hotnews/openiphoneletter/"

I hope that you will consider sharing your thoughts on the feedback page.

"I hope that you will consider sharing your thoughts on the feedback page."

Frankly given the great hassle Apple gives you trying to get in touch with a real person over this matter and not some script-quoting East Indian emailer, I personally will not bother.

They didnt bother listening to my feedback saying how the new iMovie/FCP-X interfaces go against all UI that video editors around the world rely on and expect, and they didnt care when I mentioned the grey icon feedback in iTunes window (color was better, hands down). They ignored the immediate reactions to the hockey puck mouse too, until the computer line it was introduced with went through a major revision... If Jobs sets his mind on something, even in a market sector his company has NOTHING to do with originating (video editors/editing), then the official response will always be "tough, its this way now get used to it" even if its a bad idea or implementation. He expects the sector to follow his lead, not the other way around.

An update: the investigative reporter left not long ago and will be culminating her investigation on the 5 and 6 o clock news broadcasts. I seriously hope this raises the level of exposure to the problem but, after 3 years of steadily rising reported cases of fraud and abuse, I doubt very much it will have that affect. At the very least Apple should take responsibility for jeopardizing our credit card information indirectly as I have no doubt at all the operation is occurring on their end, not on the computers of Mac and Windows users around the world.

Be more communicative and responsive. And change the EUA to not isolate an abused account situation as the victim's loss and problem.

But thats pipedreaming...

Same story here.  Got 3 ITunes cards, entered them in iTunes yesterday and money was drained by Kingdom Conquest purchase (in-app) today.  I have emailed Apple Support and changed password.

Interestingly, the latest iOS 4.3.4 has the following inclusion:

"Re-introduced the ability to cancel and delete apps that are currently downloading"

..is this to allow us victims to stop Kingdom Conquest from continuing to download? I suspect so...

My store credit balance was immediately 'hacked' and drained hours after I logged off. 

I believe that the hackers have gained access to the 'secret' pin numbers and are running computer programs to locate the ones that have been activated.  I don't believe that very many cases involve actually using your password.

My account got hacked - they determined it was not me and credited the $ back.  The problem is, no one will respond to my required e-mails that I need to send in order to get my account reactivated.  They are holding a lot of users hostage by ignoring us and not giving us access to their legitimate $.

So sad that they say someone will respond within 24 hours.  It's been days and nothing . . .

What's a good alternative to iTunes ? - they really have not earned my $ or my loyalty.

well after weeks of keeping my iTunes acct disabled - i had it reactivated today and POOF -- the amount credited back to my account gone within minutes and i had to go though getting my .mac and .me accounts unlocked and changing the passwords --

this is enough !!!!  itunes needs to make it so you can change your ID into it -- everytime this stupid account get hacked, it screws up my email and my phone !!! 

Im am so sorry i ever supported apple and got this stupid iphone and actually thought that apple was different and cared about its customers !!!   this is just dumb at this point !

I received an email invoice today for app downloads made on 7/16/11 that were not made nor authorized by me and were not downloaded on any of my devices. My giftcard balance was cleared out. The purchases were as follows, notice the pattern?

Artist: Kelefun

-HD Cam - 12 Mega, v1.0, Seller:  Liu xiahua (4+)

-Lomo effects, v1.0, Seller:  Liu xiahua (4+)           

-Telescope Pro, v1.0, Seller:  Liu xiahua (4+)

-Fisheye cam, v1.0, Seller:  Liu xiahua (4+)

Artist: TopoMobile

-Night Shot, v1.2, Seller:  John Knight (4+)

-Lemon Cam, v1.0, Seller:  John Knight (4+)

Artist: Game Lingo

-Battery Doctor Pro - Max Your Battery Life, v5.5, Seller:  Martin Smith (4+)    

Artist: Plum LLC

-Telescope+, v1.1, Seller:  Zhang Yong (4+) 

For a total of $8.92 which left me with a giftcard balance of $0.11.

I feel violated and will not be inputting my credit card information into itunes for quite some time. I submitted a help request and would like to have my money back, but from reading previous posts, am worried about it being lost again. Have also changed passwords, security information, and everything else I could think of to secure my account and information, but am doubtful of what will come of it.

Nightowl/Kitten/Paula...

"I feel violated ..."  ((me too))

"this is enough !!!!"  ((I agree but the world isnt listening or acting))

"What's a good alternative to iTunes ?"  ((there is none if you ever intend to own an iDevice/pod/phone or buy their music/audio/ebooks/movies/apps... only an iTunes account will register/update/meld with your idevice fully as Apple intended to 'close circuit' the product, sorry))

I feel for you

Im also tired. I wrote Macworld and was ignored; they deleted my user member letter on the subject, if they ever actually posted it. I wrote four of the Mac based podcast authors I have followed for the last four years and no response. Mastercard did not acknowledge receiving my fax on the theft of funds from my CC account they hold. I shared the youTube link and friends didnt bother to affirm it in FB. The TV interview feels like it will go nowhere and the right things were not emphasized and highlighted. Apple continues to ignore and debase users, making them out to be the problem. Im tired. Nothing changes until someone loses money, but thats unnecessary.

Listen Jobs: Apple needs to change the End User Agreement to address this 3 year old ongoing problem without further alienating and isolating victims. (victims read bottom of page one iTunes EUA: everyone who installs iTunes agrees to Apple's declaration that they will be holding you responsible for any unauthorized use of the iTunes account. No wonder why the only response they have to us is 'its your fault, silly user') Will he listen? ah no, doubtful. In fact I wouldnt be surprised if i was cursed and 'forever removed' from the "light of Apple", thats how far this hits home. I could care less if I ever work for them, so no worries on that front.

I had hoped the TV interview would have higlighted the main solution: "remove all forms of your payment information, whether Win or Mac user, whether already hacked or not, or whether you are about to open a brand new iTunes account or not".

People who havent lost money yet arent reading this forum, nor are they aware. Even after being hacked, only a small percentage of people will find their way here to see 1000's of others have also been victimized. The solutions written here do no one any good in preventing them from being ripped off because its already too late.

If Apple stays silent for their 'image sake', traditional news media barely whisper about it, the Mac podcasters and 'high brow Macworld magazine" entities sluff it off as Chicken Little Syndrome, and the youTube vids dont do any good, then why bother? I wont any more; I leave it to you fellow victims to come up with a way to try and make this a big enough issue to the outside world in your circles. Ive neutralized 6 computers worth of accounts in the family, 'friends' politely declined thinking its not necessary, and now I am done.

TV interview: I get the feeling the air left the sails when when Apple 'declined to be interviewed' , sending a form letter response that again literally blames users' failures for account breaches... no mention of the hacking.

The station's alternative to the Apple interview rejection was to talk to a "white hat hacker" of a local security firm whose opinion was "installed malware or crooks using users' previously compromised user/passwords from a different internet account they have online, since most people use only one ID for all their online interactions". Self proclaimed "IT Professional" nicknamed Flabeo summarizes his condescension of the interview by a closing swipe that states, and I quote "..the weakest link in your online tech security is most likely YOU!"

Thats being 'professional'?

Marginalized all over again, "turned into the crazy cat guy babbling on about something that isnt really happening". I shouldnt have spoken up and volunteered, is what it feels like, and that it wont make a difference.

Last mention of the matter from me... any future victims arriving here reading this, you have my unspoken sympathy, good luck but dont hold your breath on anything....and the following:

Protection instructions, in case your friends have not been hacked yet: http://preview.tinyurl.com/3qu2b2f

The TV interview transcript and comment section, for what its worth: http://preview.tinyurl.com/3ps6zkl

The TV interview video, for some reason removed from the station only a day after the suppertime broadcast:

Video: iTunes concerns . If it ever is relinked I might come back and addendum to this post but, I doubt it on both accounts.

Its times like these I regret ever having owned Apple stock (still non dividend paying I see), having gotten Apple Product Professional accreditation, or so faithfully touting their virtues over the decades. Its clear that a podcast quote of "Apple is not your friend; their sole desire is to make money any way they can" rings true now more than ever; it is wielded on Apple Friends like a knife at any moment or instance.

Add me to the list also.

I got an iPod Touch for my birthday in June.  I wanted to get a couple of free apps, so I did.  A few days ago, I noticed a receipt in my email inbox, from Apple, stating that I had purchased a Dutch language app.  I switched off all in app purchases, and I have ONLY been downloading apps that were free.  But there was this purchase for this app for £5.99. 

Like so many others on here, I'm very tight with my security, and I made sure each time I downloaded an app that it was free.  So thisisn't a mistake.  I emailed apple immediately regarding the matter, they replied just short of the 24 hours that they promised.  Gave me the usual bumf about changing my password which Idid, be more careful, yada yada yada.  Thewy also told me Ihadmy account disabled, and I would now never be able to use that card with my account again.  It wasmy partner's debit card. 

Get this - they said it would be negligent of them to let me use that card again!  They then proceeded to tell me to pay for things in the future using my PayPal account.  How dumb do they think I am?!  PayPal links to your bank account, stupid!  I'd be no safer doing that than I wouldusing my cardagain, in fact they'd have further access to my PayPal account, which is also set up for selling on eBay.  And by reading around, gift cards definitely aren't the answer either.

It's only been £5.99 so far, which Apple refunded immediately, but very reluctantly like others said.  Also checked with the bank, who have said that becausse my partner gave me his carddetailswillingly it wasnot fraud, also Apple hasalready refundedthe money, which is fair enough.  It caused my partner tgo go over the overdraft and because they don't sdeem it to be fraud, he isn't going to get those charges back.

There is NO WAY I am going to be using any form of credit or debit card with apple again, if I ever do go back to them I will purchase a gift carddirectly from Apple themselves then if it STILL gets drained then apple will be completely liable for getting my credit back.

Oh, and BTW, I emailed apple after changing my password, who had been emailing me daily about how am I getting on and such.  After I told them I had done all they asked, I wrote to them and asked them that it was all well and goodchanging my password and refunding me albeit with reluctance, but what were they going to do about thisblatant breach of security?  It doesn't matter how often you change your password - if the hacker got it once, he can definitely get it again.  I have been ignored ever since I sent this email. 

Apple this is just not good enough! I demand answers right now, as does everyone else here!

I don't know how but appearently someone has gotten into my account. I was able to get in the other day and now I can't. I tried entering my security info and it said it was wrong. I tried reseting my password and never got an e-mail. I found a receipt for an iSTAR Drummer app which I did not purchase. There was no e-mail asking me if I wanted to change my e-mail address or anything, but it looks like it's all been changed. I told a friend and when he checked his account someone had gotten his, too. I had to make a new account to complain. I guess I'll have to call Apple tomorrow if they're even gonna bother to listen.

iSTAR Drummer and iSTAR Drummer HD were the apps that were bought with my account as well.  Apple did refund me for it (just $1.98, but still) and the refunds show up on my transactions though I am still waiting for the balance to reflect it.  Did you get any e-mails form apple about the purchases being made from a device not previously associated with your account?

Just checked my account and the balance reflects the credit as well.