Q: iTunes store account hacked

I have been hacked too.  When I found out about it, I was away from my computer and didnm't think to check til now.  I have since sent them three emails.....three is better than none! 

I didnt realize that they stole from my gift card.  I guess it could be worse, much worse, but still!  I feel violated.  I hope that Apple reimburses me since this isn't my fault as they will make it out to sound.    Wanted to buy a few songs, but I guess that is going to have to wait.  Sigh.

Dirty little (Chinese?) thieves!

Is this possibly an issue that can be taken up with Apple Care?

I've just had the same problem! 1 x Pearl-in-Palm app purchase, and 2 x Pearl-in-Palm in-app purchases... all three off my gift card, and all three were stupid chinese apps. The REPORT AND PROBLEM link wouldn't work on the purchases so I called Apple Support. They directed me to the Express Lane email adress and advised I should get a full refund of purchases and a response withing 24 business hours... bring on Monday!

Seems like this problem is alot worse than I realised. Wake up Apple...

yep, hacked as well. I asked someone on support chat and they directed me to an email form to give to Apple:

http://www.apple.com/support/itunes/contact.html?form=account&topic=iTunes%20Sto re%20Account%20and%20Billing

I just filled it out, so they haven't had time to read or respond to it yet.

Honestly, i would love to know how to lock down my iTunes account to only allow specific devices to do anything with my account. This would at least limit all liability to only my specific iPhone that I have on my hip or the computer on my desk.

Last night, Aug 20 2011, I was informed that my current password was no longer valid and that I was adviced to change it. I changed my password and thought that it was odd but I didn't mind any of it. This morning, when I signed in to my itunes store account, I was shocked to find that my credit balance was only $0.10 when I clearly remembered that yesterday it was still $35.08.. I refreshed the page thinking that maybe it was just a glitch or something. Then I found out that I APPARENTLY made in app purchases from an APP KINGDOM CONQUEST WHEN I AM ABSOLUTELY SURE that I have never heard of this app nor have I downloaded it! The purchase was made 1:14 AM AUG 20 2011 which was impossible because I was asleep and I live alone! I contacted apple about this and I want to be refunded! AND IT SEEMS I'M NOT THE ONLY ONE!! numerous accounts have reported this and it's time for apple to DO SOMETHING about this!

On August 20th I too was hacked! They took about all of the $40.00 credit I had on the account and am left with 90cents. I'm going to try to contact them on Sunday and see what I can do about this.

Well, I posted yesterday about being hacked... 3 or 4 posts up... and thought I would share my experience with apple since my original report to them.

I rang the support number...I emailed off the complaint in the express lane... I waited 24 hours and had a response the next day (not bad for a Sunday!) The response advised they had temporarily disabled my account and asked me to confirm my identity with address and my own recent iTunes purchases... fair enough in case I was a fraudster I guess. So I sent them off the details and less then an hour later had yet another response confirming that my account was re-enabled and the money had been refunded.

I checked straight away and yup, there it was... all my money returned.

The whole process was painless and easy and quick. Props to apple for the quick turn around and the refund of money.

To everybody else having the same problem, I hope that you guys will have as much success as I did. This one event of a security breach isn't enough to turn me off Apple simply because they responded so well.

Yes, it is a concern that it is happening to so many people and has been occuring for so long, but in the last year I've heard of Sony, Facebook, and Westpac all being hacked into on varying accounts. These are all major corporations so I don't think we can fairly blame Apple here saying they need to clean thier act up. Clearly this is going to be an ongoing worldwide issue that will affect many people now and in the future.

There is a risk in all transactions involving money, from ATM's, EFTPOS machines, eBay, Paypal to currency conversion in funny little Asian countries... the thing is, if you don't want the risk of being scammed or hacked, take yourself out of the situation. This is something we will just need to accept as technology and the modern world progresses.

The frauding little thieves and dirty corrupting twits will always find a way to get your private details and money no matter how many security measures are put in place. Perhaps the real issue here is why aren't these people being caught and persecuted with theft and invasion of privacy or something? If they can find us, surely we can find them and punish them accordingly.

Again, thanks Apple for your excellent customer service on an issue that whilst is annoying and unfair, is still mostly out of your hands.

Same here! They seem to be taking gift card credit that was left on the account!

@kristafromkalamunda, I agree that they have resolved many of these issues quickly and it may not be their fault that these accounts keep getting hacked over and over again.  But this has been going on for over a year now, and unlike Facebook, Sony & Westpac, Apple has yet to acknowledge that there is any issue what-so-ever.  And all they have done is blame the user with their scripted responses.  Telling the user that they need to "change their password", "have a stronger password", "do not give your password to anyone", "this is a one-time offer", etc.  If you read some of the previous posts, many of the users have extremely strong passwords, do not give them to anyone, change them regularly and use random letters, numbers and special characters.  But as soon as they enter a gift card, their accounts are hacked and drained within 48 hours.

I purchased 3 $50 gift cards and only entered 1 of them when I was hacked.  I still have the other 2, but I have been afraid to enter them, for fear of being hacked again.  And having use up my "one-time" credit refund, I will be out of luck next time.

I don't care if hackers continuously figure out ways to get these accounts, and they will.  I just want Apple to acknowledge the issue and pointing the finger at their customers.

I'm sorry kristafromkalamunda, but you aren't paying close enough attention to this story. I was hacked and received refunds twice, once over a year and a half ago. This thread is just one on the subject, and it is 42 pages long. This is NOT a minor issue about small theft and refunds. It is about Apple's response to a very serious issue. I looked back into my account yesterday and found yet another 'religious' themed album which I never, or would ever think about, ordering. When I brought it up to 'April' at the feedback contact, I was sum mar ily scolded for being late to complain and that I wouldn't receive a refund. I pointed out that I wasn't looking for a refund and that I wanted Apple to fix the problem. I don't think I will be hearing back from 'April'.

I have had a very different experience to alot of the stories here and I can't help but wonder if sometimes people exaggerate the issue to prove a point.

In all my communication with Apple, they never once blamed me for - giving out password / not having a strong enough password etc... And of course they are going to reccomend changing your password... This isn't them laying the blame on the user, this is them reccommending a course of immediate action. Everything on the internet with a password reccommends you mix it up, change it often, use numbers etc.. this can't be seen as Apple not taking the blame.

My gift card was entered on December 25 (I received it for Christmas) and 8 months later it was hacked into... So once again, this isn't something that happens instantly to everyone. If all gift cards were being hacked into within 48 hours, wouldn't Apple just cancel the sale of all gift cards?

I agree in that Apple should acknowledge the issue, but at the same time, haven't we all at one point or another in our lives been told that accepting the blame is accepting the liability? Apple are smarter than that. This is the reality.

I'm sorry for the people that have had a bad response from Apple. In my experience with Joanna, Marvelyn and Jeremy - they were all helpful and apologetic, over the phone and in the first email I recieved.

Any chance you could share the number you used to call Apple? If it's an English one that is. I've sent 4 emails over thenlastbweek, had my money refunded but my account disabled and no contact atall from apple saying how or when my account will be available again?!?

I just got this response from Apple. It seems they have softened their stance a bit, but are still denying it isn't their fault at all.

Dear William,

Welcome to Apple iTunes Store Customer Support! My name is Raj and I am glad to assist you.

I understand your concern about the security of your account as this is the second time that fraudulent purchases were made on your account. I know this must be frustrating. I will be glad to share some information with you.

There are many different ways that your information may have been obtained. Your information can be obtained through programs from trojan viruses from websites that you visit, which steal your personal information from your computer when signing into an account. Some information may even obtained through your actual email account.

Another possibility is what we call "Phisher" sites. These are websites that are masquerading as the iTunes Store and prey upon customers asking them to enter in their personal information, such as account name and password.

To make sure that this does not happen again, you will want to scan your computer for any type of malware that may be present, be very careful about the websites that you visit, always sign out of your iTunes account and make sure that the password for your iTunes account is not used for any other online account that you may have (and also make sure that the password does not contain any part of your actual email address or account name either).

I know that this is an upsetting situation, and I can certainly understand your concerns, however I want to assure you that this is not an issue with iTunes Security.

The iTunes Store does take numerous precautions to safeguard your personal information against loss, theft, and misuse, as well as unauthorized access, disclosure, alteration, and destruction.

The following page outlines, in detail, how Apple protects your information:

Apple Privacy Policy;

http://www.apple.com/legal/privacy/

Whenever you make changes to your password make sure to follow some good practices to ensure you are creating the hardest possible password for any potential attacker to figure out.

Here are a few tips;

1. Randomly substitute numbers for letters that look similar. The letter ‘o' becomes the number ‘0', or try using '@' instead of 'a'

2. Randomly substitute in capital letters (i.e - aPplE)

3. Think of something you were attached to when you were younger, but do not choose a persons name. Every name and every word in the dictionary will fail under the most simple attacks used by hackers.

4. You should also use different username/password combinations for every site you use.

5. Since it can be difficult to remember a large number of passwords, consider using what is known as a password manager program. Often they can be found for free and they are designed to store all of your passwords in an encrypted format and allow you to use just one master password to access all of them. Although I am not permitted to provide specific recommendations or endorse 3rd party products, I'm sure you will be able to find such software using any popular search engine.

Once you've thought of a good password, navigate to this website to find out how secure it is;

https://www.microsoft.com/protect/fraud/passwords/checker.aspx

* Notice the http(S) in the URL. This indicates the site is provided via an encrypted connection (meaning anything you send to it is done so using the highest standards in secure data transmission).

William, it is okay if you wish to keep your account disabled for some time, when you wish to re-enable it, please reply to this email with the following information:

1) The complete billing address listed on the account, and

2) One of the following:

- the order number of your most recent authorized purchase

- the name of any item you've purchased using this iTunes account

I hope this information will be helpful. If you require anything further, please reply to this email and let me know, I will be happy to see what more I can do. Take care and I wish you all the best.

Sincerely,

Raj

iTunes Store/Mac App Store Customer Support

This is exactly what I was referring to.  "You" may have a trojan.  "You" may have been phished.  "You" may have allowed someone to access your account from your computer.  "You" should use special characters.  "You" should use random capital letters.  "You" should use a different password for every login.  "You" should make sure you are going to the correct URL.

I do not say anything other that what "You" might have done so "You" are clearly at fault (according to them).  Apple takes absolutely no responsibility for these accounts being comprimised.

This is an update to my previous post. I sent an email to Apple using this form:

http://www.apple.com/support/itunes/contact.html?form=account&topic=iTunes%20Sto re%20Account%20and%20Billing

The email was sent on Saturday. Monday at 3:38am, the gift card dollars were reimbursed into my account. I never actually received anything from Apple. They simply disabled my account and when I tried to log into itunes, it forced me to change my password.

That was it. short, easy, and prompt. Its pretty much the pattern for everything done with apple. I can't blame apple for what a hacker is doing. The hacker is the bad guy here, not apple. Apple didn't make me jump through any flaming hoops to get a refund or prove I didn't buy the app.

The lesson here is to simply use gift cards in order to limit your liability. I'm trying to learn from this and make sure that all online acounts I have are similarly limited in some way.