stereocourier

Q: iTunes store account hacked

I'm posting this just to share my story and get reactions. It's a little detailed but I thought worth sharing.

On November 23, 2010 I purchased a single song from the iTunes store for .99. I used store credit that I had from a gift card I received last year. It was the first purchase I had made since July 2010.

On November 25, 2010 I received a receipt for 2 more separate orders to my account. These were for over $50 in iPhone apps. Here's a sampling of some of the purchases:

1 eREAD isoshu, v1.5, Seller: ChengDu YueTong Internet Information Co. Ltd (17+)
2 Plants vs. Zombies, v1.3, Seller: PopCap Games, Inc. (iDP)
3 Monkey Island 2 Special Edition: LeChuck's Revenge, v1.1, Seller: Lucasfilm International Services Inc.
4 Asphalt 5, v1.2.6, Seller: Gameloft (9+)
5 Let's Golf!® 2, v1.0.1, Seller: Gameloft (4+)
6 Frames & FX for Photos, v2.5.1, Seller: Imikimi, LLC (12+)
7 Stenches: A Zombie Tale of Trenches, v1.0.1, Seller: Thunder Game Works (9+)

I do not have a credit card linked to my account, so these were made using my store credit.

I have only 1 computer authorized for my account (my personal home computer). I live alone and no one else touches my Powerbook but me. I also DO NOT own an iPhone, so I would have no interest in apps.

After I saw these bizarre purchases, I checked my account. I noticed 2 strange things: My account information had changed: My street address was correct, but city, state and zip had changed to: Towson, MD 21286-7840. I have never lived in Maryland. Also, I noticed that my password recovery answer had changed to "Murray" in response to a question about my mother's maiden name. That's decidedly NOT my mother's maiden name. Also, my birthdate had changed to an incorrect month and day.

I immediately changed my password and my recovery question/answer challenge.

I reported problems on all of these purchases and also contacted iTunes Account Support by e-mail.

Within 24 hours I received an e-mail from "Vicki" at iTunes Customer Support. She wrote:

"When reviewing over your account "name@domain.net" and the two reported orders, it shows that the content purchased within them was acquired from the computer that is currently authorized for your iTunes account. So I strongly advise that you do consult with those in your household regarding the purchases made, and the charges that resulted from those purchases."

Further:

"I have gone and reversed the charges for the two orders....You will see a store credit in three to five business days....Please note that this is a one-time exception, as the iTunes Store Terms and Conditions state that all sales are final."

I am pleased that Apple is refunding my store credit and replied so quickly.

However, it is simply impossible that these purchases were made from my computer. Again, my Powerbook is the only computer I have ever authorized to access my account, and I am the only person with access to it.

I am not sure how this happened. Any thoughts or similar experiences?

Powerbook G4, Mac OS X (10.5.8)

Posted on Nov 28, 2010 3:45 PM

  • by Yosmel,

    Level 1 (0 points)
    Dec 4, 2011 9:59 PM in response to etiennefrommunsterville

    I'm waiting for my PayPal refund, and bye bye iTunes, iPhones and Apple. I'm very sorry, but every day somebody posts that they were hacked and Apple doesn't want to talk about it. Like you said, good hardware, but f.. services.

  • by shelleyfromlongs,

    Level 1 (0 points)
    Dec 5, 2011 4:40 AM in response to etiennefrommunsterville

    I woke up early and also had my account hacked into. I am very surprised. I have changed passwords but what I find most interesting is that just 3 days ago, I had to get a new phone and the only people that know about my account are the people from APPLE...yep..they have my old phone and I have been speaking with them regularly this past week..mmmm...

  • by Carlo TD,

    Level 3 (558 points)
    Dec 5, 2011 4:52 AM in response to Yosmel

    Out of curiosity, is your iTunes account linked to your checking account, or your PayPal account, or a credit card? The credit card could be the problem, not Apple. I hardly think it could be because of gift cards. Something on your end does not make sense.

  • by aircool,

    Level 1 (0 points)
    Dec 5, 2011 5:20 AM in response to stereocourier

    @ Carlo TD

    I have had an Apple account for about 5 years with no problems, I have NO CC linked to my account nor PayPal or the like (thank god) however shortly after I registered a gift card my daughter bought for my birthday my account was hacked and stripped of all funds, coincidence? I think not.

    Believe me the problem is with Apple, one of their shop representatives admitted this to me in confidence, so I can't say when or which shop obviously, but needless to say they know about it but won't do or say anything, poor show, good kit but rotten support!

  • by Carlo TD,

    Level 3 (558 points)
    Dec 5, 2011 5:31 AM in response to aircool

    Gift cards are no different than any other gift card for any other company, including those phone cards. If there is a problem with the gift cards, it must be at the point of preparation. Are there stories of other companies having trouble with their gift cards? (I am sure they are all made in the same place.) So if it is not at the point of preparation, I am still confused about how they're hacking people's gift cards. I am smart, but a lot of people are much smarter than myself. I have bought many gift cards, and have yet to have a problem (which does not mean a problem does not exist - obviously there is a problem). I could understand a credit card having problems, but a gift card... I thought the gift cards were activated at the checkout counter.

  • by shelleyfromlongs,

    Level 1 (0 points)
    Dec 5, 2011 5:33 AM in response to aircool

    My GIFT Card was hacked.. I have 3 cents left.. the only one who knew about me adding this was the representative with whom I spoke after I was trying to figure out how to "relink" my account to a new phone.  Some people are too smart...I don't understand.

  • by ck08,

    Level 1 (15 points)
    Dec 5, 2011 5:44 AM in response to Carlo TD

    It is NOT gift cards that are getting hacked per se. It is the fact that the accounts are getting hacked which then allows them to drain the gift card balance. Whoever screwed me was able to authorize a new device to download bogus apps and in-app purchases to. THIS IS CLEARLY AN APPLE PROBLEM!

    That being said, I did get a rapid and full refund.

  • by ck08,

    Level 1 (15 points)
    Dec 5, 2011 5:47 AM in response to ck08

    In addition, the flurry of posts the last couple of days seems to indicate there having been a rather large breach recently. Do a search on tech blogs also. It is there. Apple, this is a huge PR problem. Why am I going to trust your system to provide me with movies, music, books and apps if you cannot keep it secure?

  • by John Kranz,

    Level 1 (6 points)
    Dec 5, 2011 5:52 AM in response to mrmaxwell77

    I filed my complaint right away with PayPal (it was a linked account) and went through the Apple/iTunes process as well although I'm not sure it captured all of the transactions in question. I'll see if there is a way to verify that.

    My hunch is this was unfortunately perhaps an inside job with a problem staff member. Just a guess and pure speculation on my part, but it seems to be the most reasonable explanation.

    I've read good tips here that one only links an account at the instant of a transaction and then immediately unlinks it afterwards. This sounds like a reasonable approach to avoid hacking since it removes the time window to sneak in unauthorized downloads. I may give that a shot...but of course my primary concern at this point now that the hacking has stopped is to get my PayPal account reimbursed for the $300 that was taken out for these unauthorized transactions. It's pretty obvious from the pattern, like amounts of orders, and type of purchases made that it fits a hacker's profile.

  • by Carlo TD,

    Level 3 (558 points)
    Dec 5, 2011 5:57 AM in response to ck08

    Obviously if you say so! (I do not totally agree.) I like to look at things analytically. There is something in common, either a web site, or a program that everyone is using or came into contact with (other than iTunes) - otherwise this is happening at the point of preparation. I know when I set up iCloud, I was forced to change my password for my Apple ID. I wonder how many people use their Apple ID and password for other things. I used to. Now my Apple ID's password is different from all my other passwords. And in order to get into your account, another person would need your name, account number, and your Apple ID and password... way too many variables. I personally thought a credit card being linked to an account was a must - I was under the impression that you could not even connect to the Apple store if you did not have a credit card. I have a credit card linked to my account. Perhaps that is an extra sense of security that people are not taking advantage of. I don't know. But I seriously thought it was impossible to have an iTunes account if your credit card was not linked to it.

  • by Carlo TD,

    Level 3 (558 points)
    Dec 5, 2011 6:05 AM in response to John Kranz

    OK, see, that is what I don't understand... we are talking about gift cards, and you're talking about PayPal... in fact you're talking about making a claim at both Apple and PayPal, why? And why are you talking about PayPal? Keep oranges with oranges and peaches with peaches... if that is a separate issue with PayPal... it just makes us simple folk confused.

  • by John Kranz,

    Level 1 (6 points)
    Dec 5, 2011 6:23 AM in response to Carlo TD

    To explain, just as one can link a credit card to their iTunes Apple ID account for in-app purchases, that's what I have had done -- in my specific case, my PayPal account was auto-linked to my Apple ID/iTunes store account for in-app purchases.

    So what happened was PayPal showed around $300 for in-app purchases made, but the source of the problem was that my Apple ID account got hacked which allowed one to authorize their computer and then conduct in-app purchases that were automatically cleared and paid for through my linked PayPal account.

    I hope that makes sense. I contacted PayPal right away since they were the first to report these purchases which I knew immediately were not authorized by me. The transactions only list Apple Store as the ID on the transaction. In reviewing the purchase history, someone made a series of in-app purchases to Z2Live, Inc. -- a mobile game company out of Seattle, WA.

    I've just learned since I could not get the "report a problem" button to work that Apple's policy is one must contact the software vendor directly for in-app purchases. In other words, Apple washes their hands clean of the problem, although it was my Apple ID that got hacked that allowed the in-app purchase to happen through this game company. So I've fired emails off to this company following Apple's lead. The company web site does not list a customer service or support email address, so I hope this does not become a black hole. I figure I can call their front office in Seattle, WA if necessary.

    In the meantime, PayPal does need to be involved as well since I had to report the unauthorized payments made through them, but I admit myself I'm not 100% clear on who (Apple or Z2Live, Inc.) has to clear things up so my account can be reinstated.

    Are you confused more?

    Sorry.

    I guess I am, also....

  • by John Kranz,

    Level 1 (6 points)
    Dec 5, 2011 6:32 AM in response to John Kranz

    By the way, both my wife and I agree and we are both flabbergasted that Apple washes their hands with their stated policy that one must deal with the software vendor directly for in-app purchases. It is Apple and their iTunes/Apple ID account management system that is responsible for allowing this type of transaction to take place to begin with. The vendor had nothing to do with this, they were simply on the receiving end of a hacker wanting to buy a bunch of their stuff.

    Just my feeling about the matter. If Apple doesn't resolve this and I don't see my account credited, it's going to leave me shocked and disappointed as a long-time Apple fan/past employee.

  • by Carlo TD,

    Level 3 (558 points)
    Dec 5, 2011 6:39 AM in response to John Kranz

    OK, I kind of understand. I have a PayPal account, and normally my PayPal account acts as a medium between my bank and another party. So I was not aware that PayPal could act as in a fiduciary relationship, just as a bank could. I did not know that PayPal acts also as a bank. I am not clear what an in-app purchase is. My parents once had someone make fake checks on their checking account, and they filed a police report. Have you filed a police report? I think, in some ways, having your iTunes account hacked is like someone creating a check with your account number and using it. Then the bank may refund the money, but it is really for you to file a police report and go to the merchant where your check was used, to get back whatever the bank did not cover. I know I am confused some, and I am sorry 'cause I am rushing out - have to go to the library to take a final, but I just don't understand how everyone is saying it is Apple's fault, when it is no different than if a person created checks and used your account to steal money. That does not make it the bank's fault.

  • by Doubleshotlight,

    Level 1 (0 points)
    Dec 5, 2011 9:04 AM in response to Carlo TD

    Apple is at fault because stores have a duty of care for the safety and security of its customers. Apple has put itself out to the world as a safe and secure place to put your credit card, PayPal, and gift card information so it should be vigilant in protecting such information.

    I don't believe Apple has lived up to this duty. Even if they are not responsible for the leak of this confidential information (which seems doubtful considering the masses of people with the same story and different payment methods and the specific stories of App developers that make purchases), I know for me, when my account was hijacked, the hacker changed my Apple ID and my email was never notified. Apple only has you confirm major account changes through the NEW email you input and not through your OLD email. They should at the very least have a system in place to notify our real email when our accounts are compromised and make confirmation of such changes through your original email.

    Since I have been locked out of my hijacked account for over 48 hours, I started making some music purchases at Amazon, the music is cheaper, has less legal restrictions, it is all stored in the cloud, and hopefully my cc information is protected by a company that cares more about security.
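
The control suggested in the last post (notify the original address and confirm the change through it) can be sketched as follows. This is an added example, not part of the thread and not Apple's implementation; the `Account` class, the function names, the message kinds and the one-hour lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

TTL_SECONDS = 3600  # assumed lifetime of a pending change


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


class Account:
    def __init__(self, email):
        self.email = email
        self.pending = None  # at most one staged e-mail change


def request_email_change(account, new_email, now):
    """Stage the change; return (recipient, kind, token) messages to send."""
    old_token, new_token = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
    account.pending = {
        "new_email": new_email,
        "expires": now + TTL_SECONDS,
        # Only digests are stored, so a database leak yields no usable token.
        "digests": {"old": _digest(old_token), "new": _digest(new_token)},
        "confirmed": set(),
    }
    return [
        (account.email, "approve-change", old_token),  # current owner is told and must approve
        (new_email, "verify-address", new_token),      # requester proves control of new address
    ]


def confirm(account, token, now):
    """Record one confirmation; the address changes only after both arrive."""
    p = account.pending
    if p is None or now > p["expires"]:
        account.pending = None  # expired or nothing staged
        return "rejected"
    matched = [side for side, d in p["digests"].items()
               if hmac.compare_digest(d, _digest(token))]
    if not matched:
        return "rejected"
    p["confirmed"].update(matched)
    if p["confirmed"] == {"old", "new"}:
        account.email, account.pending = p["new_email"], None
        return "applied"
    return "pending"
```

With this flow, someone who controls only the new mailbox leaves the request in the `pending` state, and the message to the original address doubles as the notification that a change was attempted.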
