11 Replies Latest reply: Jan 3, 2014 4:26 AM by Basexperience
rcgirish Level 1 Level 1 (0 points)

Hi Support,

I got a automated msg on 28/Dec/2013, that my "credit card" information has been modified & also couple of downloads have been initiated.

I have NEVER modified any of the credit card info & neither initiated the said downloads. (someone from Taiwan has hacked into my apple account)

My account has been hacked & has been compromised. Please let me know immediately how you can initiate action & also ensure that no charges has been levied & also can any action be charged against the offender ?



Many Thanks,


iPad (3rd gen) Wi-Fi + Cellular, apple account
  • King_Penguin Level 10 Level 10 (115,135 points)

    Other people have posted about the same things over the last couple of days or so. You've changed the password on your account ?


    You can view the purchase history on it on your computer's iTunes : log into your account on your computer's iTunes via the Store > View Account menu option, you should then see a Purchase History section with a 'see all' link to the right of it. Click on that and you should then see a list of your purchases.


    You should also contact iTunes Support and let them know (these are user-to-user forums) : http://www.apple.com/support/itunes/contact/ - click on Contact iTunes Store Support on the right-hand side of the page, then Purchases, Billing & Redemption

  • rcgirish Level 1 Level 1 (0 points)

    Thanks very much King_Penguin for such a quick reply & a very detailed help. Appreciate it.

    This resolved my query & I have now raised my question at the right forum which you mentioned. I have sent a mail to support detailing on the issue.

  • jeffrey512 Level 1 Level 1 (20 points)

    I'd recommend changing the password for your primary email address and then add a rescue email and complete verification of the rescue email.  Then update the Apple ID password.

    See http://support.apple.com/kb/HT5312 for information about the rescue email.


    Your credit card was probably removed from the account because any credit card information is useless to someone that is accessing the account on a new computer or device without authorization unless they are able to provide the expiration date and security code (CVV) of the credit card.  The only information they can view in the Account Details is the card type and last four digits.

  • thomas_r. Level 7 Level 7 (30,630 points)

    Just to add to what KP said, note that just changing the password on the Apple ID is not sufficient.


    It's still unknown what's going on, but there have been a LOT of these kinds of attacks coming from Taiwan over the last few days. Changing the password on your Apple ID is an important first step, but since we still don't know how they're getting in, it's also important to do a couple other things.


    First, you need to change the password on any rescue e-mail addresses associated with your Apple ID. That may be compromised as well.


    Second, it's important to ensure that hackers cannot take control of your Apple ID away from you. You need to enable two-factor authentication on your Apple ID:




    Note that, if you have any devices running iOS 7, that second step is very important. If you don't do that, any hacker that gains access to your Apple ID could potentially make those iOS 7 devices permanently unusable by 1) changing your Apple ID so that you cannot regain access, and 2) locking the device with that Apple ID.

  • rcgirish Level 1 Level 1 (0 points)

    Dear Jeffrey,

    Thanks for the useful piece of information. Yes, I have setup a rescue email id already for my account.

    Its also good to know & get a confirmation that the credit card information that I had already setup is useless ;-) , & yes , you are right, the existing credit card information was removed....

    But, I am really worried & the security threat looms after such hacks by such hackers and my personal card information being easily shared & made accessible by sites/companies such as Apple ....


    Thanks again for your time

  • rcgirish Level 1 Level 1 (0 points)

    Thanks Thomas,

    Yea, its worrying to know on the attacks from these Taiwanese Hackers ! moreso with my personal data & my credit card details getting compromised, thanks to Apple


    I did try to add "2 level authentication" to my account. But even after following the steps mentioned in the help section, I dont find the "Two-Step Verification" menu/option under "Password and Security" menu in my account.

    I only find the sections "Security Questions", "Rescue Email Address" and "Select your birth date"....


    Hope I can find this out and I shall enable the 2-step verification on my account....Thanks for your time as well

  • King_Penguin Level 10 Level 10 (115,135 points)

    What country are you in ? The 2-step verification was originally only available in the US, UK, Australia, Ireland and New Zealand - I'm not sure if it's been extended to other countries since then

  • thomas_r. Level 7 Level 7 (30,630 points)

    moreso with my personal data & my credit card details getting compromised, thanks to Apple


    Why "thanks to Apple?" There seems to be a lot of misinformation floating around out there, and a lot of people are pointing fingers at Apple with no evidence whatsoever.


    Online accounts of all kinds get hacked all the time. The fact that there are a lot of Apple IDs getting hacked from Taiwan right now does not mean that this must be a problem caused by Apple.


    Don't make assumptions that might blind you to the everpresent dangers of having any kind of account on an internet server.


    I dont find the "Two-Step Verification" menu/option under "Password and Security" menu in my account.


    I didn't realize that this was limited by country, but I would bet that KP is correct on that point. That's too bad. If you can't enable this feature, that makes it a lot more important for you to use very good passwords, both on your Apple ID and any rescue e-mail addresses. Don't assume your password is safe just because it has upper and lowercase letters and numbers... that is not necessarily the case. For best results, use different lengthy, random passwords for every account, and use a password manager to keep track of them.

  • rcgirish Level 1 Level 1 (0 points)

    Dear Thomas,

    Thanks for your thoughts..


    I will continue to stick to my comments and will still blame "Apple" for building such weak security around their ecosystem. I do agree I am entering into the world of dangers associated with internet but I would still want Apple to ensure my account's security as they are responsible to ensure their customers' account safety. Well, I would stick to this and will want Apple to wake up and also to strengthen their website...


    and yes, I am in Singapore and the 2-step verification is not available in Singapore [I can't comprehend the reason for making such a security feature region-specific by Apple ! ]


    I would like to thank you again for sharing your feedback & time.

  • rcgirish Level 1 Level 1 (0 points)

    Hello KP,

    I live in Singapore & seems like this is not available yet here.



  • Basexperience Level 1 Level 1 (20 points)

    We have another thread on Taiwan Apple ID compromises running here:




    Always interested in linking these things up to look for common features if possible. My Wife had her account compromised on the 24th of dec 2013 and 2 apps (free ones) were downloaded. My guess is that this mechanism is used to see if the user keeps an eye on the email account associated with the Apple ID: a small "feeler" to see if the owner is watching. If they're not, I guess the account is then used for other means (in-app purchases, perhaps).


    It seems curious how many of these are emerging from Taiwan.