Q: iTunes store account hacked

Can you post a link to those articles?

I think we can rule out any hacking of this board. My post earlier today was the first time I've ever posted and that was subsequent to my iTunes hack. I reckon it must be something to do with those gift cards but then, that doesn't explain accounts where there is no gift card involved.

I haven't used a PC in years and only use my iPhone, iPad, iMac or MacBook. On the MacBook and iMac I have a decent (i.e., not free) anti-virus installed too.

The only link between people who've been hacked after a gift card has been activated and those who've been hacked without a gift card is the AppleID that we all use to lod into iTunes, App Store or to buy equipment. I don't know which one of those is the weak link in the chain but it's made me very nervous about the impending iCloud.

Can you post a link to those articles?

Sure, here's the more interesting one:

http://www.globaltimes.cn/china/society/2011-01/609351.html

And the money quote:

According to Jin, there are five trojan virus production-and-distribution groups in China, with more than 300,000 people engaged in developing and selling the virus used to secure the account information.

Adam A. Lang wrote:

 

Edit: Oh, now this is interesting. According to a couple of articles I've just read, people are using key-loggers installed by trojans and viruses to capture passwords and usernames for iTunes. If that's true, then the suggestion of several people here to have people input their credit card number or iTunes gift card number every time they want to make a purchase would be HUGELY counterproductive.

That's assuming you have had a trojan/virus and a keylogger was installed and active but yes, it's possible.

If someone is using a keylogger to get a CC#, why would they then change anything in the iTunes account (such as name and address) then make purchases on that same account?

If I was into stealing CC numbers, I definitely wouldn't waste my time with iTunes purchases.

Also,I don't think I have read any posts here where someone's iTunes account was drained AND their CC was fraudulently used elsewhere.

Getting someone's iTunes username/password will NOT give you access to the full CC #. Go to View account and you can only see the last 4 digits so the CC # could not be used elsewhere.

According to Jin, there are five trojan virus production-and-distribution groups in China, with more than 300,000 people engaged in developing and selling the virus used to secure the account information.

That's funny. Then the people who made these purchases are then most likely hacked.

Also, if someone is using a keylogger to get a CC#, why would they then change anything in the iTunes account (such as name and address) then make purchases on that same account?

Well, the point is, right now people don't enter their credit card numbers very often. I certainly haven't in months, maybe even a year. If someone installed a key logger on my computer, that was 'trained' to look for iTunes interaction (since obviously you can't look at everything that happens on a computer, you have to narrow it down somehow) they would never see my credit card info at all, but they would see my username and password.

So if Apple were to combat this by making people enter their credit card info, it would mean that the person with the keylogger was able to steal the credit card info instead of just the username and password.

However, beyond that, it appears that people are actually stealing credit card info, and using it to make new iTMS accounts and selling those in China. And if you think about it you'll realize why: if you live in China, there aren't that many ways that you can use a stolen credit card, if it was stolen from the US. Most credit cards have at least some fraud prevention, preventing things from being shipped to China, charges on Chinese web sites from being processed, etc. iTMS accounts are one of the easier ways to actually monetize stolen credit cards.

If I was into stealing CC numbers, I definitely wouldn't waste my time with iTunes purchases.

You don't live in China, and, further, you probably haven't thought through exactly how one monetizes one's stolen credit card info. Which is hardly surprising, because one hopes you're never likely to be in a position to want to, of course. :-)

I did some googling and found this software maker. They make software that enters your passwords without using the keyboard or clipboard.

https://agilebits.com/

I can't say that they're good or bad, but their site/blog explains a lot about security and how it gets breached.

they make 1Password.... Hardly part of the problem.

I use 1Password myself, I don't use the auto input. which there are MANY other software companies that do the same, not just 1Password.

Pretty sure 1Password is not the problem.

My password for iTunes wasn't the most secure, numbers and letters but not caps etc. It was only used for iTunes, only used on the iPhone/iPad and on my Macs.

I wasn't saying they're part of the problem, I was thinking they might be the solution.

Chalk another one up to the Chinese hack syndrome

Address changed to

1XX3 WhXXX GXXX Road
Alamo, CA 94XXX-2831

Credit card info swiped.  Purchased 798ArtZone, v1.0, Seller:  wang long (17+) with the gift card balance on the account

I was on the phone with Apple and their solution was "you can chat with iTunes tomorrow after 10am".   Then Apple responded by email and said they would credit the unathorized purchase.  I could care less about the $12, I am just shocked that Apple has no additional response nor an Security/Fraud group whom I could contact and gave no indication this problem could be prevented in the future

Demonstrates that I can't trust them to protect my information so I'm taking my family plan to the Android side of the world...phones, devices, and all

< Edited By Host >

Can I have your stuff? O wait, this isn't World of Warcraft...

I kind of get the impression that "goodbyeapple" had made up his mind about dumping his iPhone and services related to his Apple ID before he attempted to resolve his issue.

John

According to Apple my issue is resolved

have fun with Android, all the malware, virus, oh yeah... and the hacked store. (yes, it's happened multiple times)

we can also discuss all the patent violations, the blatant copyright infringements, the copy/paste job they did with Sun (Java).

I only stay subscribed to this thread to read the knee jerk stories. it gets entertaining.

Like Apple is the ONLY site to ever have issues.... Having your online account drained is nothing new. Amazon has had the very same problem, throw a stone at online games.... you will hit a *few*.

We don't even know for sure where the problem is.. For all we know, it could be yet another Google analytics hack. which isn't exactly Apple's fault...

I had a very similar issue but I haven't gotten as far as contacting Apple support yet since it was just discovered here in the last hour. 

I have two computers authorized to use my account (My husband and I's primary computers.)  Back in August, which was quite inconveniently a time when I was indisposed of (Medically out) my account password on my iphone suddenly quit working.  (given the issues I was having I couldn't swear to it that it was my password so I brushed it aside for the time being until I had my wits about me to try to reset it.  I finally got it reset, only to find that my account had been emptied.  It had somewhere around $35 in it last time I marked it on my spreadsheet at home that I use to track how much money each of us has to spend.  looking back through my emails I found s receipt for the time I was in the hospital for $33.95 and it was for a program I had never heard of:  明珠三国OL, 686元宝, Seller: Pearl-in-Palm Information Technology Ltd   I don't even know what language that is at the beginning. Seeing this reminded me of an email I had received about a device not previously associated with my ID making a purchase, unfortunately, I was still unavailable to do anything at the time and truth is, I'm just now back to being able to deal with this type of thing.  I will be reporting what I have to Apple in an attempt to prevent others from being hurt.  In the meantime, I hope whomever did this get their just desserts in the form of a portion of what I"ve been through in the last year as I fight brain cancer.

i got hacked 16/09/11 at 04:20 in the morning £17.99 from that -kingdomconquest- game

gone to apple about it so hopefully they will refund me...

I'd like to know how many people who got hacked were using Macs and how many were using Windows machines.

I'm just trying to figure out if the hackers are attacking Apple's servers to gain access, or are they attacking individual's computers or their iPhones or iPods.