Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple: About 400 Accounts Affected, App Store Not Hacked
- Thread starter MacRumors
- Start date
- Sort by reaction score
If you JB your phone and did not change the root password from alpine. It is extremely easy to hack. The fact that you only connect to Itunes from the phone is no protection.
That's not my name. Fail yourself.
No one stole my credit card. Someone bought from iTunes without it and it is clear who did it. Apple could easily clear the charges. Are you saying that Apple will pay the fraudulent developer his share? I don't think so. Apple is just keeping the money unless I fight it with my credit card company. That makes Apple the thief.
Ever seen the Dick Van Dyke show? It is an intentional misspelling of his name.
Idiots.
Another brilliant post. "Consultant?" I hope no one pays you much for this quality of analysis.
You have no idea what my password was but blindly assume that Apple is correct even though they have no intention of offering refunds or responding promptly to this theft. If they keep the money and make people fight to get it back, they are the one's who are stealing from us.
This is not just 400 people. There is no way apps jump to 40 of the top 50 with 400 accounts buying them. Get real.
Because he was able to steal or buy account information from users? Why hire him?
funny that iTunes asked me yesterday to verify my credit card information.
Anyway, what happens now to the developer? I mean he has committed 400 cases of fraud and theft (even if it's just a few dollars in each case.
Most likely the affected accounts are in a number of countries so he should face prosecution in many countries and his name is known. I guess it better for him to not travel for a while.............
BTW: Apple screwed that up by forcing you to have your username, email address and iWeb homepage have all the same name in it when you use mobile me. Even worse you can't send emails from the iPhone mail app and use an alias, you have to use your main email account. and that email address contains the itunes and mobileme user name. how dumb is that? it was pointed out to apple hundreds of times and they could easily change it but they don't.
Anyway, what happens now to the developer? I mean he has committed 400 cases of fraud and theft (even if it's just a few dollars in each case.
Most likely the affected accounts are in a number of countries so he should face prosecution in many countries and his name is known. I guess it better for him to not travel for a while.............
BTW: Apple screwed that up by forcing you to have your username, email address and iWeb homepage have all the same name in it when you use mobile me. Even worse you can't send emails from the iPhone mail app and use an alias, you have to use your main email account. and that email address contains the itunes and mobileme user name. how dumb is that? it was pointed out to apple hundreds of times and they could easily change it but they don't.
If this is true, you should go right to the police, or better yet, the FBI. Even if 40,000 accounts had in actuality had illegal purchases by this guy, the chance of you randomly knowing 30 would be near zero. So you and your associates must be right at the center of a password theft attack. Clearly the best chance for the authorities to catch these criminals is for you and your friends to go right to the authorities, and share with them the details of your life that may have led to this concerted attack on your circle. This is both your duty as a citizen, and the best way to prevent future exploitations of whatever vulnerability is intrinisic to you and your friends. Please take these steps to protect yourself, your friends and the world.
If you had actually read anything about this incident you'd know the apps in question are all in the slowest selling category of the app store.400 sales all at once would be more than enough to jump to the top fifty.
How many times does this need to be explained? It doesn't matter if anyone "stole" your credit card. The account was used for a fraudulent transaction. The remedy therefore, starts with the card company. No merchant hands out refunds to people who say "I didn't make that charge!" without further info for obvious reasons--it's a classic scam. The card companies and banks are the ones who have the resources to investigate, and the wherewithal (and insurance and tax allowances) to take the losses.
It sounds as if Apple actually has started to offer some people direct refunds--this is, most likely, because they are certain about the link between certain purchase origins and the scammer. But by no means can they assume that they know everything, yet. So, most people get to go through the normal process, which is there for good reasons.
If you want merchants to offer direct refunds to every card fraud claim, get ready for a lowest-common-denominator behemoth like Wal-Mart to soon be the only retailer in the nation, because nobody else will be able to afford the loses.
I've never even said that Apple should refund my money. I realize that is what the CC company is for and they will work with Apple on that. My CC company has been extremely helpful with this process, including: freezing my account when suspicious activity occurred, 2 proactive phone calls, 2 emails explaining how to restore my account and what to expect, and they already sent me my new card and I'm up and running.
The other party involved (Apple) has had a singular response in 2 WEEKS: "We'll review it and get back to you" NOTHING MORE.
I would simply like some information (that I have actively asked for many times) supplied about WTF happened and how I can get my account back in good standing so I can use my products. Instead, you all see this response, which is nothing but a PR move, and assume Apple has taken care of things with the customers/victims. Nothing could be further from the truth. Could anyone explain to me why this very info could not have been sent to the mere 400 folks that were compromised? Why a press release instead? If it were truly only 400 accounts, that would seem pretty easy to manage and square away. Instead, they do nothing on the front end to stop the spending spree, and on the back end leave me in the dark about what is actually going on. I have had wonderful customer service from Apple in the past, but on this one, it is pathetic.
The other party involved (Apple) has had a singular response in 2 WEEKS: "We'll review it and get back to you" NOTHING MORE.
I would simply like some information (that I have actively asked for many times) supplied about WTF happened and how I can get my account back in good standing so I can use my products. Instead, you all see this response, which is nothing but a PR move, and assume Apple has taken care of things with the customers/victims. Nothing could be further from the truth. Could anyone explain to me why this very info could not have been sent to the mere 400 folks that were compromised? Why a press release instead? If it were truly only 400 accounts, that would seem pretty easy to manage and square away. Instead, they do nothing on the front end to stop the spending spree, and on the back end leave me in the dark about what is actually going on. I have had wonderful customer service from Apple in the past, but on this one, it is pathetic.
OK, I did just waste some time checking the forums. Here's what I found:
- exactly two (yourself and robertpetry) stating explicitly they had been hacked this weekend.
- another dozen or so stating they had been hacked sometime in the past
- of that dozen, all but 4 clearly stated the hacking was NOT this weekend. The other 4 were ambiguous about when the hacking took place.
So I was able to identify between 2 and 6 on these forums that may have been hacked this weekend.
I'm likely to have missed a couple as it was a quick scan, which is why I included the names of the two that were clearly hit. Feel free to add to that so we can get a real total.
That sucks. On the other hand, having been in the position of dealing with this sort of thing, you have to be very careful not to get ahead of yourself and start making any kind of assurances before you know what's going on--it's easy to find yourself making promises you can't keep, and then people get even MORE upset. You'll notice the card company gave you "good service" by doing what they are built to do--investigate, and in the meantime give you your money back. They're prepared to write off the loss if they can't recover. Apple can't so easily remedy the issues between you and them, because they may not know yet what affects any "remedy" might have.
For example, obviously they can't just turn your account back on because whoever used it before could start using it again--and likely other people might as well, since account credentials are a marketable and marketed item. The common answer is, "reset the password and let me back in!" but that doesn't cut it either--if the problem is a trojan or keylogger, you'll immediately be re-compromised and then it's another giant headache for everyone involved. Plus you'll then be screaming to your local "Consumer Watch!" segment on the evening news about how Apple's servers are obviously pwned because your account keeps getting hijacked.
Etc, etc. The point is, it's not good for them OR you to re-enable your access before having a handle on what happened.
You fanbois are amazing to me. My credit card account was not hacked. My Apple account was. Apple knows it was. They know who did it. They are not paying the perpetrator. But they are not responding to me in anything close to a satisfactory way. And they are keeping my money unless my credit card company takes it away from them.
You really think that is right? Seriously? Would you feel the same way if it was any other company?
Never mind. You are unable to answer that honestly.
Apple can easily resolve this for us and they won't. That is very clear.
Fair enough. However, I think you are misunderstanding my main problem. With the CC company, everything was proactive. With Apple, everything has been reactive, but with next to no info on what is taking place. I received 2 phone calls from the CC company to explain things to me and make sure I was taken care of. Apple offers zero information yet is happy to spew broad statements to make the public think they have resolved everything. They play a very good PR game, and most here are happy to play along.
I have already given in to the good possibility that something I did (or didn't do) may have led to this, but it has been quite a while now with nothing more than "it's under review". Kinda hard to spend more money with them - movies on my ATV, music, new apps, updates to apps, books, who knows, when I'm in limbo for weeks on end. How would anyone like their Apple ecosystem to come to a standstill because the primary means of consumption is currently dead. Seems to me if they are not set up to handle these situations, they should spend a tiny bit of that war chest to get there. Also seems like the responsible thing to do if they want to store this personal and financial info.
Thank you detective Foley.
So, because some of us didn't give you an exact timeframe, and Apple said something about this weekend, our security breaches don't count and only the ones Apple says apply? I get it, everything Apple says is the full truth, and any of their customers with issues are either morons or liars. I must have been holding my iTunes wrong.
In all honesty, I feel that folks like this actually give Apple more of a bad name than my complaint would. Many don't like the elitist attitude of Apple fanbois, and blind loyalty makes you more of a sucker than I.
Apple is doing this correctly if they're telling you to go to your credit card company and dispute the charges. That's the established legal procedure for handling things like this. It's exactly the same as if someone got your credit card info and used it to buy something at WalMart.com.
So you are saying Macrumors is lying?
https://www.macrumors.com/2010/07/04/reports-of-app-store-hacked-greatly-exaggerated/
Bravo....
Honestly, sometimes I wonder why anyone with any legitimate problem would post on these forums.
God forbid they have a defective problem with their iPhone, iMac, or whatever, and even more distressing, should they say they had their iTunes account compromised, they usually get flamed and told by the macboys, how it's their fault, Apple is not to blame, get over it....
It's a wonder that the Apple elitists don't understand why Apple sometimes gets a bad rap for their fans.. Because you think you can do no wrong, and every thing Apple does is right.
If you'd STOP and actually think about it... even if ONE person was affected, Apple should at the very least try and get to the bottom of it, credit the charges, do ANYTHING other than some canned email basically stated, "it's your fault, you got scammed" end of story...
Quite honestly, it seems there are some real people who can understand the issue here (we had money taken from us) where others just like to place blame on us for falling for what STILL has not been explained.
They must be in the group who are too intelligent, or tech savvy to ever fall for such a scam.
God forbid...
I for one, would understand if such a thing happened, and wouldn't place the blame or respond with "told ya so"....
I really don't understand some of the people on the board sometimes..
It's a f'king brand, not a religion.
Get a life.