Q: iTunes store account hacked

Follow up - been credited, though the issue of Apple's system being compromised has not been addressed. They also accused me of "not remembering" the purchase, and told me I should lock down my Iphone (I don't have any Apple products, certainly not an Iphone - and after this experience I will certainly ensure not to.)

Instead of answering as a human, they're using scripted responses. It's too bad. I thought Apple was better than this. The representative said she spoke with a supervisor and couldn't determine what happened, and has not responded to any of my email since.  Next step I guess is file a complaint with information privacy commissioner, the media and the better business bureau. 

Thanks Apple for taking information security seriously. That's too bad. Before this I was considering an Iphone. Certainly not now.

It's getting worse, not better. I received this reply from Apple. The problem is, I'm not Josh. EVERYONE, please contact Apple iTunes AND security about this problem. Just because you get your $10 back isn't going to help solve this problem. Here are the links. DO IT!

iTunes

Security

Dear Josh,

Welcome to Apple iTunes Store Customer Support! My name is Raj and I am glad to assist you.

I understand that you are concerned about the purchases made with your iTunes Store account, "xxxxxxxx@yahoo.com" without your permission or knowledge.

I can certainly see how disappointing this could be. Please accept any apologies for any inconvenience you've experienced, as I know how concerning it can be to deal with such issues. customer reporting unauthorized charges.

It appears that your account has already been disabled to avoid further charges. Please note that you can enable your iTunes Store account in the future by providing specific information to iTunes Store support, as described at the end of this email.

I also understand that you are concerned about the safety of your personal information in regards to the iTunes Store and the App Store. Your privacy is very important to Apple and we take numerous precautions to safeguard your personal information against loss, theft, and misuse, as well as unauthorized access, disclosure, alteration, and destruction.

I am thankfully NOT being hacked at the moment, but SOMEONE, one of you who has, NEEDS TO TAKE THIS TO THE MEDIA. Fox would probably get the most exposure. And when you contact iTunes support, you should be providing the link to the this discussion. They won't understand the seriousness of this until you do because

1. Apple Support does not read the discussions

2. Different support agents get your reports. They aren't linking them just fixing YOUR problem.

And there is absolutely no excuse for an Apple agent to try to put the blame on the customers. I am so sorry this is happening to all of you.

Did any contact Towson, MD PD? Your own Police Dept? The scam happening here is breaks a TON of laws and this person or people should go to prison. Credit Card Theft, CC Fraud, Identity Theft & Fraud, etc. These people MUST be stopped and until Apple and the Media expose it, this will keep happening to people. The only way Apple will see the pattern is if victims show them this thread! Please, if this has happened to you, contact apple AGAIN but this time, tell them that they NEED TO READ THIS THREAD and then contact your local news station. This is a WORLDWIDE issue, not just the US but it all leads back to Towson, MD (which is probably fake info anyway).

Here's another question for those of you who were stolen from:

Did any of you use PUBLIC wifi (free wifi or paid)? There has GOT TO BE a link between all of you besides you having gift card credit in your accounts. There is no way to transfer credit to another account so it has to be something else, like wifi. Also, are you all on PC's? I'm asking because a lot of you are mentioning spyware, antivirus, etc. It could actually be happening from something you installed like a third party plug in for iTunes.

It could also be a SITE you all joined. The point is there IS something you ALL have in common. We just need to find out what it is. I don't know if there is anyting I can do to help, but I'm here if anyone needs it.

I agree that it needs Media attention.

I was taken for $43, Apple refunded me after about a week of back and forth.

But, you are wrong on one part. Apple DOES read these discussions.

I had a problem with my WiFi on my 27" iMac, still do but 98% of the time it works fine, I never contacted Apple just the discussions.

A Tech called me at home..... using my AppleID contact info, and E-mailed me as well. There were others that were contacted as well. We had to run a script to gather some info and forward that to them.

As for the rest of your question.

I have my AppleID input on 3 Mac's, an iPad and an iPhone. Not on any PC.

I do have one PC, but it's games only and doesn't even have iTunes installed on it.

I Run FireFox with NoScript, Ghostery and AdBlock. (If only NoScript for Safari would be released...) So it's not exactly trackers etc on my end. I Block anything Google, facebook, etc.

If you go back to my initial issue, I logged into my AppleID and changed my Password (using Safari) on my MBP which I had just burned it down and started fresh prepping for Lion. (I had no 3rd party stuff on it, wanted as smooth a transition as possible on the MBP) the new password was never input anywhere other than the MBP. 45 minutes later, password was again hacked to drain me of the $43. First time it was a free app, and I got the email saying an unathorized computer was used.. I changed the password before they could purchase anything with the gift card.

It's either Apple's website... iTunes itself, or an inside employee making money off selling iTunes account passwords to someone selling only those with a Gift Card balance. (apple is not immune to bad employee's) you say the address was changed to somewhere in MD, mine was set in California.

The only thing that everyone of us has in common... Gift Card balances. (why I suspect an insider, iTunes or Apple webiste)

They don't use our CC's. At leaset i haven't read of anyone getting their CC used..

I found that this issue has been going on since Nov of last year, you can search to see that it was reported on back then, but nothing came of it and nothing has changed.

The apple responce's are scripted, they probably have to follow the rules and send you the same scripted responce explaining that there could be multiple ways to get your password, and possibly it's the end user.

I don't join random website, I don't do social media (waste of time) I don't use my itunes email or that password i use for it anywhere else. I have 3 email's i regularly use. the one I use for itunes is pretty much the only thing it's used for anymore.. Apple wouldn't let me switch it to my MobileMe account, so it stays.

they may have removed the credit card number so you wouldn't freak out and close the account since you don't think it was on there - better check your credit cards, too

wrong.

Go log into your AppleID account, Use the I forgot my password. (which the hackers do so they can purchase the stuff and not be stopped until you rechange it)

now, notice how you have to verify the security code on the back of your card?

if you don't.... your CC# gets removed from your account.

My Daughter bought me a £25.00 gift voucher for my birthday which lifted my balance to £28.00, yesterday I recieved an email from Itunes notifying me of a account change (4am in the morning) two minutes later I had two emails confirming two purchases of £7.99 each. I noticed this at 7am and reported this as a problem but did not recieve confirmation until 11am. I now have just £10 left

How can this happen? why did apple allow these two purchases two minutes after my account change without confirmation from myself that it was I that had changed the account??

I strongly suspect that I have been "hacked" and this is not an administration error, one of the purchases appears to be a Chinese music album.

I have searched for a telephone number to call regards a fraudulant activity but is seems apple do not have one.

It seems that this problem is widespread and has been going on for years, why has this not been publisised???

What is more frustrating I don't know who to contact to sort this out, apple seem to be quite vauge.

I just had this happen to me within the last hour.

I don't normally keep a balance in my account, but I recently won a gift card from Starbucks & Lady Gaga (Hey, it was a scavenger hunt! I love scavenger hunts!) and added the $25 to my account. I upgraded a couple of songs to the DRM free versions and was planning on buying a few apps later.

This morning at 2am, I happened to check my email and noticed 5 emails from Apple in rapid succession. 4 for purchases from a "previously unauthorized device" and 1 saying that my credit card information had been removed from my account.

I logged into iTunes and checked, and sure enough... 2 'free' apps and then in-app purchases totaling 23.46. Guh! I found that I had 90¢ left in my account!

The apps were Epical Gladitors from Funverse and Empire Online (or something of that nature, the game name is mostly in Chinese) from Lakoo. Neither of these games are anything I've ever heard of.

It's odd that the one time I have a gift card balance on my account, my money gets stolen within a week!

I've updated my password, left the credit card info empty, and updated my questions. I also unauthorized all the machines currently associated with my account and then reauthorized just the one I use now. I hope I don't have to update my password anytime soon because quite frankly, it's now a string of barely rememberable random characters!

Aircool: Here's what I did:

• Go to your iTunes app and then into the store to your account information.
• You'll see a section on that page that says recent purchases. Click that and at the bottom it'll say "Report Problem".
• Click that button and then your purchases  will have an option that says "REPORT PROBLEM" next to them.
• Click the link next to your unauthorized purchase and It'll take you a page on Apple's website.
• Select iTunes Store Account & Billing > Account Security.
• There'll be a link that says "Email Us" as well as some FAQ links.
• Send an email off to Apple from that page. You'll need the Order number for the unauthorized purchases. As they're done in rapid succession, you'll like only have the one order number for multiple things.

Lakoo - Apple are you listening? Look into this dev. please!!!

I was just burned on the weekend, the rapid succession of emails (4-5am) about my account details changing, then purchases made from a device not previously authorized. My CC information has been removed from my account, nothing else was altered.

My $30 iTunes voucher cleaned out, am now down to $0.07. What's annoying is the fact that when i read the reviews of the app in question, there are about 5 that state the very same issue. Hacked accounts and false charges! If this happens multiple times for the ONE app, then why isn't something done by Apple?

http://itunes.apple.com/au/app/id371613788?mt=8

This is the 2nd time i've been burned by hackers, 2009 and now 2011. Same issue as last time, account details changed and apps purchased totaling $72. 15 emails from Apple, full of "i understand your concern..." etc. Talk to me like a HUMAN, not a robot. Same e-mail 15 times over, same response with a minor change in content. Took 3 months to have my charges reversed after getting my bank involved with Apple security, SUCH a hassle.

The annoying thing is, the emails from Apple make out as if WE are the ones in the wrong and don't really take the time to understand our concerns. Am i sure i didnt change my login? Am i sure i didnt make the purchases?...of course im sure! I dont spent $72 on apps just released with NO reviews, NO ratings, both games by same developer...join the dots Apple. Good to see those two apps dont exist anymore 'iCool' and 'iFruitShow'.

"The iTunes Store cannot reverse the charges." This was a 2009 email so no idea what the current stance is, but how easy of Apple to wipe their hands clean of any issues when they arrise.

I ditched Apple in 2009 because of this, refused to have my CC on file with them. Now its reared its ugly head again and i refuse to put my CC back on file AGAIN.

LISTEN UP!!!

The contacts to Apple have been listed over and over.

START USING THEM!!

iTunes

Security

This happened to me also. Fraudulent charges from the Kingdom Conquest app that nearly wiped out my iTunes credit. I'm going to contact Apple shortly and see what can be done about this. I don't even USE an iPhone!

Another same ol' same ol' here. Same programs, same M.O. Email to support was returned within 10 minutes (though with a canned apology for taking so long) and allegedly refunded the money (can't access itunes from work, so I don't know for sure).  Changed my address back to mine from the Florida address it had been changed to.

@baba

With respect there are 567 replies and I really don't have time to read them all at the moment to find the correct contact details, instead I phoned CS and spoke to a Sebastian.

Sebastian was quite nonchalant about my dilemma, he said that there was nothing he could do and my reported problem would be answered within 48hrs!

I chalanged him regards this problem and he said "he is unaware of it"

Sebastian told me that are NO phone numbers at Apple or Itunes that I can dial to speak to someone about account  fraud and I have to admit that I cant find any either, when I have an hour or two to spare I will have a trawl through all the posts to see if anyone has successfully spoken to Itune/Apple about the fraud, but if anyone can put an old guy out of his misery buy just posting the number again I will be eternally grateful. 

There are no numbers to call. But you can at least contact Apple on both these links and voice your opinion. They do read these. They aren't support, they are feedback. Copy these and post every time you reply to this forum. There are even more forums covering this mess.

The contacts to Apple have been listed over and over.

START USING THEM!!

iTunes

Security

Yet another victim on the roster here.  I am VERY glad I never put a cc on my account, there was only $27 in credits that got stolen.

I do not have any web-enabled iOS devices and only access iTunes from one single PC, in my home with good security practices.   I received the typical email: 

from          Apple do_not_reply@apple.com

to ME

date          Mon, Aug 8, 2011 at 1:01 AM

subject          Your recent purchase with your Apple ID.

Images from this sender are always displayed. Don't display from now on.

hide details 1:01 AM (21 hours ago)

Dear ME,

Your Apple ID, ME, was just used to purchase Texas Poker from the App Store on a computer or device that had not previously been associated with that Apple ID.

If you made this purchase, you can disregard this email. This email was sent as a safeguard designed to protect you against unauthorized purchases.

If you did not make this purchase, we recommend that you go to iforgot.apple.com to change your password, then see Apple ID: Tips for protecting the security of your account for further assistance.

Regards,

Apple

I do not have any devices capable of using this app, nor did I ever purchase it.  The app is free but the thieves also purchased $27.95 in poker chips for it, cleaning my account out to leave $0.56

I have written to Apple and it remains to be seen whether they will reply in a timely fashion and refund my account. 

I have also changed both my Apple ID email and the password on it. 

I'm thinking Amazon might be a safer place to buy MP3's.

- crAsh