stereocourier

Q: iTunes store account hacked

I'm posting this just to share my story and get reactions. It's a little detailed but I thought worth sharing.

On November 23, 2010 I purchased a single song from the iTunes store for .99. I used store credit that I had from a gift card I received last year. It was the first purchase I had made since July 2010.

On November 25, 2010 I received a receipt for 2 more separate orders to my account. These were for over $50 in iPhone apps. Here's a sampling of some of the purchases:

1 eREAD isoshu, v1.5, Seller: ChengDu YueTong Internet Information Co. Ltd (17+)
2 Plants vs. Zombies, v1.3, Seller: PopCap Games, Inc. (iDP)
3 Monkey Island 2 Special Edition: LeChuck's Revenge, v1.1, Seller: Lucasfilm International Services Inc.
4 Asphalt 5, v1.2.6, Seller: Gameloft (9+)
5 Let's Golf!® 2, v1.0.1, Seller: Gameloft (4+)
6 Frames & FX for Photos, v2.5.1, Seller: Imikimi, LLC (12+)
7 Stenches: A Zombie Tale of Trenches, v1.0.1, Seller: Thunder Game Works (9+)

I do not have a credit card linked to my account, so these were made using my store credit.

I have only 1 computer authorized for my account (my personal home computer). I live alone and no one else touches my Powerbook but me. I also DO NOT own an iPhone, so I would have no interest in apps.

After I saw these bizarre purchases, I checked my account. I noticed 2 strange things: My account information had changed: My street address was correct, but city, state and zip had changed to: Towson, MD 21286-7840. I have never lived in Maryland. Also, I noticed that my password recovery answer had changed to "Murray" in response to a question about my mother's maiden name. That's decidedly NOT my mother's maiden name. Also, my birthdate had changed to an incorrect month and day.

I immediately changed my password and my recovery question/answer challenge.

I reported problems on all of these purchases and also contacted iTunes Account Support by e-mail.

Within 24 hours I received an e-mail from "Vicki" at iTunes Customer Support. She wrote:

"When reviewing over your account "name@domain.net" and the two reported orders, it shows that the content purchased within them was acquired from the computer that is currently authorized for your iTunes account. So I strongly advise that you do consult with those in your household regarding the purchases made, and the charges that resulted from those purchases."

Further:

"I have gone and reversed the charges for the two orders....You will see a store credit in three to five business days....Please note that this is a one-time exception, as the iTunes Store Terms and Conditions state that all sales are final."

I am pleased that Apple is refunding my store credit and replied so quickly.

However, it is simply impossible that these purchases were made from my computer. Again, my Powerbook is the only computer I have ever authorized to access my account, and I am the only person with access to it.

I am not sure how this happened. Any thoughts or similar experiences?

Powerbook G4, Mac OS X (10.5.8)

Posted on Nov 28, 2010 3:45 PM

  • by wendyfromsaint paul,

    Level 1 (0 points)
    Nov 7, 2011 6:21 PM in response to Oonce Oonce

    hahahahaha!

  • by vxxbcs,

    Level 1 (0 points)
    Nov 8, 2011 3:20 AM in response to wendyfromsaint paul

    A few basic controls would help cut this out, I'm sure (unless the hacking is at the backend of course):

    • Allow accounts to be restricted to use in their own country.

      I asked about this, Apple said 'Oh but you might go to the States and want to buy something'.  Well guess what, I don't even have a passport and if I did, I'm sure I could either wait until I was home or remember to change my preferences before I left.

      Yes there are ways around such controls, but security is all about layers.

    • Allow accounts to require some form of additional authorisation when accessed from a new device - Facebook has something similar I think.

    • Lock accounts after a definable number of incorrect access attempts (actually, is this already in place? in which case a keylogger becomes a more direct suspect).

    Clearly no-one from Apple is reading this thread though.
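The three controls listed in the post above (country restriction, extra authorisation for a new device, lockout after repeated failures) can be combined into a single sign-in decision. This is an added example, not part of the thread and not Apple's implementation; the `Account` fields, `evaluate_login`, `confirm_device` and the threshold of 5 are hypothetical.

```python
from dataclasses import dataclass, field

MAX_FAILURES = 5  # assumed value; the post only asks for "a definable number"


@dataclass
class Account:
    home_country: str                      # hypothetical field names throughout
    restrict_to_home_country: bool = True  # user-controlled, as the post requests
    known_devices: set = field(default_factory=set)
    failed_attempts: int = 0
    locked: bool = False


def evaluate_login(acct, password_ok, country, device_id):
    """Decide one sign-in attempt: 'locked', 'deny', 'step_up' or 'allow'."""
    if acct.locked:
        return "locked"                    # stays locked even for a correct password
    if not password_ok:
        acct.failed_attempts += 1
        if acct.failed_attempts >= MAX_FAILURES:
            acct.locked = True
            return "locked"
        return "deny"
    acct.failed_attempts = 0
    if acct.restrict_to_home_country and country != acct.home_country:
        return "deny"                      # layer 1: geographic restriction
    if device_id not in acct.known_devices:
        return "step_up"                   # layer 2: confirm the new device out of band
    return "allow"


def confirm_device(acct, device_id):
    """Record a device after the owner confirmed it (e.g. via the account e-mail)."""
    acct.known_devices.add(device_id)
```

A correct password from an unrecognised device yields `step_up` rather than `allow`, so a reused password alone is not enough to reach the purchase step.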

  • by talk2mejjv,

    Level 1 (0 points)
    Nov 10, 2011 2:55 PM in response to stereocourier

    My account was hacked last night. They are In-app purchases. I own no device with apps to make the purchases. The receipts total $145. I am furious. This better be fixed and it better be fixed quickly. I have changed my password, security questions and I have disconnected my account from my paypal account. What kind of security issues do they have going on? This is ridiculous!

  • by wendyfromsaint paul,

    Level 1 (0 points)
    Nov 10, 2011 3:04 PM in response to talk2mejjv

    talk2me -

    Call this number (during the day)

    408.996.1010

    if they tell you the only way to contact iTunes store support is through email, tell them you were hacked and someone used your account unauthorized... ask for the support for accounts that were hacked, tell them your story and how upset you are... you just want your account back to normal and to be able to use it.

    They WILL transfer you to someone in the US, I got an iTunes store support guy in Texas.

    They CAN fix it for you.

    Good Luck!

    This just happened to me on Sunday morning and it was fixed (got my $ back and my account was enabled after it being disabled) by today. (Thursday)

  • by fintanfromkilbeggan,

    Level 1 (0 points)
    Nov 12, 2011 6:06 AM in response to stereocourier

    I set up an iTunes account years ago for an iPod that I now never use. Yesterday though I moved from an HTC phone to an iPhone. I was in iTunes setting up my music etc when I went into iTunes to get some free apps.

    First thing I noticed was that everything in the iTunes store was in Chinese!

    I looked at my account details and the address was okay but the country was China. I went to adjust it and it told me that I could not adjust it until an outstanding bill of $1.99 was paid for! This was for some app called "wooords"

    Luckily the credit card that was registered with my account was an old one that is no longer in use so I am not out of pocket but now I have an iPhone that I cannot put apps on.

    I contacted Apple 18 hours ago and seems I have to wait 48 hours for a response. I'll update what happens next.

    It's very suspicious that the day I register my iPhone is the day this Chinese purchase happened.

    Is iTunes safe for credit cards?

  • by vxxbcs,

    Level 1 (0 points)
    Nov 12, 2011 8:05 AM in response to fintanfromkilbeggan

    This echoes my experience exactly - dormant account, new device, hacked almost straight away.

    Could it be possible that iOS devices themselves could be leaving the factory with some root-kit installed?  It seems unlikely.

    Did you reset your Apple ID password as part of the process?

  • by fintanfromkilbeggan,

    Level 1 (0 points)
    Nov 12, 2011 9:25 AM in response to vxxbcs

    No I did not have to reset the password.

    I'm getting really annoyed with the fact that I got a new phone but cannot use the functionality. If only HTC had a decent battery life I would never buy another Apple product (except cider :-) )

    I'm surprised that this has not got more national coverage

  • by anon-help,

    Level 1 (0 points)
    Nov 12, 2011 1:02 PM in response to stereocourier

    My iTunes account associated with my iPhone was hacked, and while resolving the issue I discovered how common this issue has become. Be careful iTunes users!

    This is how it occurs: if you, like me, have chosen an easy to remember and type password for this account because the iPhone is difficult to type on -- please change it now! The hacker(s) are hacking various websites to gain lists of email address and password combinations. They are doing this because they know many people are creatures of habit and will use the same password for many sites, and since retyping passwords on devices such as phones is annoying, there is a better chance of this occurring.

    Apple iTunes accounts also are generally associated with your email address, so if they can recover a password and email address from an easier site to hack (most sites ask for your email) then they likely will also now have your iTunes account login information.

    What will they do now that they have access to your account?

    1. They will change most of your personal information, so you cannot login and regain control of your account. If you have access still, be aware that they may have changed your secret question or other account information, so they can regain access to the account later.
    2. They will drain your store credit and make charges to your associated credit card. These will either be for gift certificates or goods which they can resell on eBay, Craigslist, etc.
    3. If your account doesn’t currently have an associated card (luckily my case) they will associate another person’s stolen credit card information with your account. This way they can fraudulently drain another person’s bank account under your name, thus adding a layer of protection and creating a delay in any response to their fraudulent charges. 

    This whole method has until very recently (within the last month) been aided by the fact Apple support for iTunes accounts was only available through a website form or email. Even today it is very difficult finding information on how to recover an iTunes account hacked in such a manner.

     

    There are 56 pages of instances of this type of hacking on discussions.apple.com:

    https://discussions.apple.com/thread/2665383?start=825&tstart=0

     

    Even there you will not find accurate information, or from most Apple Support numbers. I had to speak with a supervisor, after being told it could only be handled via email.

     

    This is the number to call: 877-416-4271 (if they refer you to the web, ask for a supervisor)

     

    Note, this is a common strategy for hacking various accounts, so do not use the same easy to remember/type password you use for joining forums or low priority sites with any of your important primary accounts, such as email or accounts associated with credit cards.

     

    Share this, as apparently it is very common, and even though it can be resolved, no one should have to spend time on the phone dealing with it.  
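The sequence described in the post above (recovery details altered, then purchases) is something an account audit log can be checked for. This is an added example, not part of the thread and not Apple's tooling; the event tuple layout, field names, device labels and the 7-day window are hypothetical, and the sample events are constructed.

```python
from datetime import datetime, timedelta

RECOVERY_FIELDS = {"security_answer", "address", "birthdate"}
WINDOW = timedelta(days=7)  # assumed review window

# Constructed sample audit events: (time, account, event, detail, device)
EVENTS = [
    ("2011-11-01T10:00", "alice", "purchase", "song", "laptop-1"),
    ("2011-11-09T02:10", "alice", "profile_change", "security_answer", "unknown-7"),
    ("2011-11-09T02:11", "alice", "profile_change", "address", "unknown-7"),
    ("2011-11-09T02:15", "alice", "purchase", "in-app", "unknown-7"),
    ("2011-11-09T02:16", "alice", "purchase", "in-app", "unknown-7"),
    ("2011-10-20T09:30", "bob", "purchase", "album", "desktop-2"),
    ("2011-11-03T09:00", "bob", "profile_change", "address", "desktop-2"),
    ("2011-11-03T09:30", "bob", "purchase", "album", "desktop-2"),
]


def find_takeover_candidates(events, window=WINDOW):
    """Flag purchases that follow a recovery-detail change within `window`
    and come from a device not seen on the account before that change."""
    first_seen, changes, alerts = {}, {}, []
    for ts, acct, kind, detail, device in sorted(events):  # ISO times sort as text
        t = datetime.fromisoformat(ts)
        first_seen.setdefault((acct, device), t)
        if kind == "profile_change" and detail in RECOVERY_FIELDS:
            changes.setdefault(acct, []).append((t, detail))
        elif kind == "purchase":
            recent = [(ct, f) for ct, f in changes.get(acct, []) if t - ct <= window]
            # A long-known device changing its own address (bob) is not flagged.
            new_device = any(first_seen[(acct, device)] >= ct for ct, _ in recent)
            if recent and new_device:
                alerts.append((acct, ts, device, sorted({f for _, f in recent})))
    return alerts


if __name__ == "__main__":
    for alert in find_takeover_candidates(EVENTS):
        print(alert)
```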

  • by vxxbcs,

    Level 1 (0 points)
    Nov 12, 2011 1:06 PM in response to anon-help

    I'm sure that's true but there seems to be some link between activating a new device and getting hacked too.

     

    That to me is way more concerning than accounts to which details have been gathered from historic dictionary based attacks against other targets.

  • by Zenobius,

    Level 1 (0 points)
    Nov 12, 2011 1:58 PM in response to anon-help

    anon-help

    Your advice is good, but that is not the case with me.

    My iTunes account is used with an email address that has nothing else associated with it... I have 3 email addresses I use.

    1 for forums, which is NEVER used for anything else. Basically a spam catcher.

    1 for iTunes.

    1 is my @me account, which is my personal email.

    The password for the iTunes account, old one and new one, IS a pain to type. But I WANTED it that way...

    I do have a 4th, but it's work related and using it anywhere... well, not a good idea. I can only access it from certain IP ranges, and attempts from any non Government IP... gets a red flag.

    @vxxbcs

    I agree, I bought a brand new iMac. Month later... this.

  • by vxxbcs,

    Level 1 (0 points)
    Nov 12, 2011 2:46 PM in response to Zenobius

    Very interesting.  So the iTunes account pre-dated the iMac?  Did it have a valid payment mechanism on it?  Had it been used recently, before the iMac purchase?

  • by Zenobius,

    Level 1 (0 points)
    Nov 12, 2011 6:17 PM in response to vxxbcs

    Yeah the iTunes account has been around since 2005/2006 or so. Long before I got the iMac.

    Had an account for my first iPod, but forgot the password and created the account I have now. I don't think I bought anything until I got my first iPhone (3G). Just free song of the week a few times.

    Now with my iMac, PowerMac, MacBook Pro, iPhone, iPad, iPod nano.... Yeah I buy stuff. lol.

    Never had any problems until I bought the iMac this year.

    I have a lot of money tied up in Apps, both iOS and OS X, but no music. I really don't listen to music, and the stuff I do listen to.. I have the physical CDs for them. (mainly older stuff)

    I have never used any iTunes cards until I got the iMac either. I just used the CC, but I picked up 2 $25 cards for $18 each (on sale at Target). I only picked them up cause they were cheaper and I knew Lion was coming soon. Figured I'd get Lion, Pages (for iOS), and still have a balance left over.

    All other Apple purchases have been in store, Apple, Best Buy, AT&T etc. I ordered the custom built iMac online..

    I also ordered my iPad 2 online with Apple, but since I was buying multiple iPads at the same time and shipping to my mom's business, we used her iTunes account for that. She has used iTunes cards, and never had any problems though.

  • by lehlagirl,

    Level 1 (0 points)
    Nov 12, 2011 8:22 PM in response to anon-help

    I was hacked today...taken for $380 in fact.  I haven't even accessed my iTunes account in months and the iPod is dead in my laptop bag...thankfully I was alerted by PayPal and they immediately disputed the charges and I also got an email from Apple asking if I downloaded it because it was done from an unregistered computer...well hello if it's unregistered then they should have to go thru a registration process thru the email that is linked to the account not just sign in and have at it with my account.  Not sure what these apps are other than what's listed in the description, World War and several honor points and Global War with several honor points...totaling $380!!!! and no I don't have an iPhone nor have I ever accessed it from any computer other than my laptop and iPod touch

  • by Carlo TD,

    Level 3 (558 points)
    Nov 13, 2011 1:49 AM in response to lehlagirl

    It seems to me the universal factor that (so far) people have in common is having their PayPal accounts linked to their iTunes account.

  • by vxxbcs,

    Level 1 (0 points)
    Nov 13, 2011 3:02 AM in response to Carlo TD

    In my case the trigger seems to have been adding a new device.  I did reset the iTunes password and was wondering if that could have been compromised, but a few posts up 'fintanfromkilbeggan' experienced the same without having done that.

    Seems there are multiple attack vectors. Obviously there are accounts compromised elsewhere that happen to share credentials (i.e. same email address and password to log on), which is outside of the control of iTunes, notwithstanding the fact that Apple should provide some basic controls to mitigate their use, for example geographic and unregistered device restrictions. But secondly, IMO it seems there is some problem either in iTunes itself or in the back-end system which is enabling the black-hat community to do this.  Assuming, that is, that new devices themselves don't have some root kit on them.
