Got receipt for an unauthorized purchase, please help!

I am in the same club as you.

My use of iTunes is coming to an end because I don't have confidence that anything is being done to resolve the security problem. The word is spreading too.

And that is a shame that Apple won't be more forthcoming about this.

Same problem, same date, but for 2 x 11.99 sets of poker chips. Anyone got a reply from apple yet? appears to me that Apple got hacked, not us.

Took days and days but yes, I got help from Apple and my $$ back.

I do think they have an internal problem but there is also a wicked piece of Mac malware getting press these days so it wouldn't hurt to do a virus scan on your machines as well as getting on Apple to fix your accounts/return the money.

Yep, I eventually got a reply after about a week, plus a refund, and a bonus speech :

- that this would be the "one time",

- that this problem was MY fault, not Apple's,

- if it "was" their fault, it would still be my fault because the Agreement states that all account activity is the

responsibility of the account 'holder', not the account 'provider', Including theft, which is a nice escape clause and a legal excuse not to be responsible.

So, that means that if a hacker downloaded $20 bucks worth of poker chips, it would be MY fault, even though Apple's security "might" have a hole, which it does.

<Edited by Host>

Unfortunately, I too have been duped for nearly all of my account balance. I had £45.00GBP, and now I have £0.26GBP. The whole lot was squandered on "Order and Chaos" in-game purchases, which I have no interest for whatsoever. I will refuse to take any blame here, because my very complex password has remained private for over 5 years - I've not told a sole, I don't have any key-loggers, and I'm certainly not stupid enough to get phished. I have top-notch software and hardware internet security, and I am a budding Computer Scientist.

If I get fobbed-off in any way trying to say that it's my fault, I'm going to go to Trading Standards UK, and I'm going to submit a story to Watchdog. I'm amazed Watchdog haven't already commented on this kind of story.

I am in the same position as Alteran. My password is secure. I am very careful about my online practices and I even run Sophos Antivirus on my Mac. HOWEVER, Alteran, I just realized one vulnerability that many of us may have overlooked. My Apple ID and password were, indeed, secure and difficult to hack, but I used the same email address and password for several other Internet sites. Did you do the same? With the recent flurry of massive database thefts (e.g. Sony, Epsilon) we were told that the "only" information that was compromised was email addresses and passwords for various banking, shopping and travel sites.

A sophisticated hacker could easily take "just" the emails and their passwords and start writing routines to try those same passwords on many different sites.

I'm not an apologist for Apple (although to their credit they refunded my $32) but I'm trying to think like a hacker so it doesn't happen again!

I still have no explanation as to how these thieves are converting their game credit purchases into cash. (My thief purchased poker chips at kamagames.com.) Has anyone pursued that question?

Well, the only way I can see such a scam benefitting anyone would be the app publishers themselves - as they're the ones who see 70% of the cash in these transactions. However, I don't quite see how or why a company such as Gameloft would participate in such a shady business.

While I might tend to use the same few passwords over a range of different sites, I made it a habit not to use the same password for my email address as every other site - meaning if you had my email and password from one site, then it would be useless on most others. I have also not been a user of other services that have been reportedly compromised according to the news and media. It's been a pretty bad year so far. Sony and LastPass have already been victimised and they obviously won't be the last.

Phishing, Keylogging, Bruteforcing and other shenanigans have definitely been on the increase over the past year or so. Steam account phishing, for example, became such a problem, that they included new per-computer access restrictions, preventing anyone from logging into an account without email verification confirming access from that computer, dubbed "Steam Guard". Apple really do need to start investing in hightened security provisions such as this. Anyone feel like sending Steve an email?

I got done just now myself for the Texas Poker app and 1.5M in chips for $23.99 all up. It was also the first time I had used a gift card and had always used my credit card before. It seems that there may be something to do with the latest gift cards because all of the people who have posted so far seem to have been using gift cards. Possibly there is something already on the cards to make this happen or allow access.

The credit that was stolen from me came from a Coinstar machine at the grocery store, not an Apple gift card.

As I mentioned above, I strongly suspect that this is all related to the recent enormous hackings of Sony and Epsilon. A smart hacker figured out that a) Apple recently started forcing us to use email addresses for our Apple IDs, and b) people often use the same password for various sites when their login is that email address.

So, they got the emails and passwords from either Sony or Epsilon and then simply wrote a program to start running through the millions of pairs they had stolen.

Just my $.02-worth.

Isnt coinstar the same as getting a gift card though? You still have to buy the credit and load it onto the account. I had loaded gift cards and also a voucher from the petrol station (not a gift card) and was done. I also don't have anything to do with Playstation or anywhere else so I think that is not what this is. It looks like it has nothing to do with credit card accounts only loaded accounts and it may have something more to do with Apple and their gift cards and vouchers and thats why they are not saying anything. Possible faulty codes?

They still get their 30% also so why should they worry.

Got a refund, but don't expect an instant reaction.

Once reported to apple it's taken about a week to get my account refunded and reactivated. It's not just Macs affected which does make me wonder what/who is behind this. I still suspect that the problem lies not with us.

Just got hit yesterday also. I had downloaded the poker app via one of those free app a day programs. I never even opened it and it wiped out my giftcard balance yesterday which I had only put on this week. The only thing I did yesterday was select update all the app updates and I wonder if this somehow made multiple purchases. I do remember the updates prompting my password but I just got the iPad recently so I don't know if this is normal since I usually update when I do my daily sync.

Yeah, this just got me today too. However I am a PC user, and I have not bought anything from the store in a long time Luckily I took my CC# out of my account months ago when the first iPads came out and Apple got querystring hacked, which by the way was friggin priceless.

At any rate, thank you for helping me decide once and for all that I need to smash my iPhone into little pieces and go find a good Droid phone. I'll be sure to record it for posterity and upload it to YouTube!

Me too I got tricks by kamagame Texas Poker, 1. 5 M chips, Seller: KAMAGAMES Ltd. $22.77 waiting for reimbursement:)