Approved iPhone application steeling money from iTunes accounts!!!

[abc123]

Secondly this app by-passes all security for the account. I don't know how but it does. I never downloaded the app to any of my iOS devices / macbook and yet it managed to charge my account numerous times.

I'm a little bit confused. Are you saying that you didn't download the app from the app store in the first place and never played or opened it on your devices? If that is the case, that information should have probably been included in the first post and the email to apple.

I'm going to guess that the game developers probably have disguised the in app purchases well which is deceitful and wrong on their behalf. As far as I know in app purchases do not require you to enter your itunes id or password (though I've always had them turned off in my settings so am not certain). Maybe a friend or family member downloaded the game onto your device and played it for a bit not realising what they were doing?

I hope you can work out what happened, certainly sounds strange.

edit: the email response from apple is probably just a copy/paste standard reply. It is very possible that they will investigate further, especially if they get more complaints from other people having the same problems.

 

[SomeDudeAsking]

The way Apple does in-app purchases is just plain dumb. You are just asking to be ripped off. In-app purchases should be disabled by default and/or require a password. There are so many damn games out there where you can just hit a few buttons to buy worthless things.

 

[Night Spring]

The way Apple does in-app purchases is just plain dumb. You are just asking to be ripped off. In-app purchases should be disabled by default and/or require a password. There are so many damn games out there where you can just hit a few buttons to buy worthless things.

In-app purchases do require a password, and as far as I know, there isn't a way to change that setting.

 

[azzyboi]

I'm a little bit confused. Are you saying that you didn't download the app from the app store in the first place and never played or opened it on your devices? If that is the case, that information should have probably been included in the first post and the email to apple.

I'm going to guess that the game developers probably have disguised the in app purchases well which is deceitful and wrong on their behalf. As far as I know in app purchases do not require you to enter your itunes id or password (though I've always had them turned off in my settings so am not certain). Maybe a friend or family member downloaded the game onto your device and played it for a bit not realising what they were doing?

I hope you can work out what happened, certainly sounds strange.

edit: the email response from apple is probably just a copy/paste standard reply. It is very possible that they will investigate further, especially if they get more complaints from other people having the same problems.

In my second e-mail to Apple all of this was explained hence why they said they are looking into it. Nobody else has access to my iOS devices and the very least my iTunes account details to be able to have downloaded the app. But like I have said, I never even downloaded the App. If you check the reviews on the app store you can see that loads of users have never downloaded it and have had the same thing happen to them.

I've had a phone call from someone at Apple from an American Number and the girl I spoke to who I shall call CS1 basically said that they are monitoring the situation and that the the app is no longer available to download, you get a "cannot buy this item" warning. Personally, I cannot confirm this as I do NOT want to download this app in case it hasn't been pulled.

I'll post any more updates as they come in

Aaron

 

[involver]

I have had the same issue. I did not buy the app or make any in-app purchases as I do not have any iOS devices. Apple refunded me but I still have no idea how my itunes login security was compromised.

 

[Warbrain]

And how exactly is it "steeling" money?

Well, they take money ore and smelt it.

 

[gib786]

Looks like I'm not the only one who has had unauthorized purchases from this pos app. Trouble is, I've never heard of this app before let alone download it!

Got an email receipt from apple this morning with the following purchases:

Item Number Description Unit Price


1 帝國 Online, 2340銀幣禮包, Developer: GAMEISLIVE CORPORATION LIMITED
Report a Problem £1.19
2 帝國 Online, 2340銀幣禮包, Developer: GAMEISLIVE CORPORATION LIMITED
Report a Problem £1.19
3 帝國 Online, 5850銀幣禮包, Developer: GAMEISLIVE CORPORATION LIMITED
Report a Problem £2.99
4 帝國 Online, 5850銀幣禮包, Developer: GAMEISLIVE CORPORATION LIMITED
Report a Problem £2.99



Order Total: £8.36

I have sent them an email informing them they are unauthorized. Still don't know how the app managed to access my account if I have never even downloaded it

 

[aitchy21]

This has just happened to me!

I have not used my account for a month or 2, so i go onto itunes today to update some apps, itunes says my account has been disabled, so i email them about that, next i do some investigating and find out that this company has or app has taken all my remaining credit (£22)

I never did download this app ever!, how can it take my money and charge me for in app purchases,

I can swear I never downloaded it, because its not the sort of thing I download from itunes wtf,

so I have now emailed itunes again about it, good job I never had a credit card linked to my account

Im so angry

 

[CylonGlitch]

Having read this thread a week or two ago; I turned off in app purchases. Last night I downloaded some flying game that was free. While entering into the game I kept getting popup warnings, "In App Purchases Disabled". It looked more like a system error then anything else; and no where does the game talk about in game purchases or that it is going to access your account. Kinda had me worried; glad that it was disabled.

 

[carlyg]

Me too!

I am pretty Livid now this is also happening to me and has now happened twice. The first time I had not bought anything for a couple of weeks or so and logged onto download something from itunes via my iphone expecting £20 odd pounds worth of credit! There was 8p!!! I was like eh?? So looked at my transactions and saw loads for this Gameislive Corp... I immediately changed my password and emailed iTunes. I got the standard reply it seems as others have posted below but I wasn't really satisfied with that. I am now concerned about Card Details. When this happened the first time i noticed that there was no card registered on the account. Whe I first had the account you have to register with a card you have no choice but when i logged in and found what had happened i also noticed that there was no payment card on file. Strange! So I went through the procedure of getting everything reset via iTunes and wanted to purchase another song. I tried to do this with the credit on my account but it wouldn't let me use the credit without entering my card details. So thinking this was all resolved I went ahead - FFS This is Apple a company I thought I could trust! So when I have logged in tonight and realised this has happended again I have checked my account and once again the card has been removed from my account! EEEHH What is going on! Has this happened to anyone else? I have since changed my password and deleted all Apps I no longer use and set the in app purchases to not allow as I didn't know this was possible until reading some posts below. I have emailed the same lady back as the first time was only a month ago and hopefully she will remember and come back to me straight away. this is absolutely ridiculous I have no idea which App it is and have no daft ones on there particulaly. I don't have any apps installed which are developed by Gameislive corporation either it is all very strange.
Anyway thanks for Reading and any further tips would be great!

Carly

 

[outphase]

I don't think that the app is the problem so much as there is someone who acquired your iTunes login information and is wrongfully using your account.

 

[TheSKP]

Had the same problem on my Iphone about 1 hour ago. Had an email telling me my address/payment details had been changed. I thought this might be a phising email so logged on to my appstore (via phone) account to purchase a free app so when asked for my password i could see if it was correct sure as hell it was still the same password.

I then changed it as a matter of precaution and went back to itunes to check! Only to see my credit go down by £12 quid.

Seems my account app purchase history is to gamesislive corp.

Sent an email to Apple!

First post "Hi all x"

 

[ZackO]

I don't believe it! This has just happened to me! I checked my email and saw a string of iTunes purchase emails and decided to check them out. Over $200 has been taken from my account! They're all listed as "In App Purchases", and yet I've never authorized a single in app purchase, and in fact haven't bought an app since the introduction of in app purchases! I'm in a state of shock right now... I don't know what to do. First thing in the morning I'm calling Apple support.

If anyone's got any more information on the issue, I'd love to hear it.

~Zack

 

[psonice]

It's *not* the app doing this by the sound of it - people are saying they've not bought the app and are still seeing purchases from it on their account. That can only mean the account has been stolen, and somebody else is buying the game and making purchases on it (probably somebody in China).

If this has happened to you, change your itunes password to something secure immediately.

Then the next questions have to be: how are the accounts getting stolen, and why this app in particular?

How the accounts get stolen: either a phishing email asking you to confirm your itunes details - anyone had this? Or perhaps a virus on your PCs that's using a keylogger to capture username + password details? What OS are you all using, PC or Mac? The other option is a dodgy app if you've jailbroken. Have you?

Why this app: 3 possibilities.

1st is that it's a dodgy developer. They've made this app specifically to do buying with stolen accounts. There's probably nothing wrong with the app itself, but it's being used to launder stolen money. I think this would be pretty hard to do, but it's possible.

Option 2: It's an honest developer who's account has been stolen. The crooks have the dev's account details and have changed the banking details, so apple are now paying the crooks instead of the dev. In this case the dev is as much a victim as anyone else.

Option 3: A *very* dodgy marketing scheme. There are companies that will promote apps to get them into the charts - and as a dev myself I can say that getting into the charts is pretty critical if you want to make money. The methods these companies use vary a lot. Some will advertise your app on the web, which is fine. Others will trash your competitors with fake reviews, while giving your app a load of 5* reviews.

And some have been reported to use a network of stolen accounts to download the app. I've only heard of the last one used to get free apps, but for the right money I think somebody would do it with a paid app. If that's happened, it all comes down to whether the dev knew what he was signing up to.

(I've not used any of these myself btw, but came across a lot of info on it while researching what I could do about a fake negative review)

Good luck getting this sorted out. Perhaps it would be good to get the issue some publicity?

 

[Stealthipad]

I think that the error is YOURS! You have allowed your password to be compromised.

 

[Phil A.]

I don't know if this is relevant in this instance, but it is a bit concerning (Chinese Auction sites selling compromised iTunes accounts).
I guess the real question is how these accounts are being compromised - if it's through phishing or similar tactics then the users have only themselves to blame, but if it's through some other means (security issues, insider activity, etc) then it's more of a concern

 

[psonice]

This seems to be happening to UK customers - LOTS of complaints on the UK store, on the US store the reviews seem pretty good. Any other countries?

Also, the reviews make it very clear that this is down to hacked itunes accounts. People didn't download the app, so it can't be a dodgy app. And if it was a stolen card rather than the itunes account, the criminals would have set up new itunes accounts because they wouldn't know your username + passwords.

So again, change your itunes password immediately, to something secure. A quick guide to 'secure': the password should be 8+ characters, MUST NOT be a word found in the dictionary, and ideally contains a mix of lower case and capitals.

e.g. "iphone" is a terrible password, it will be guessed within a second or two. "h3adPh0nes" would be ok, it's long and hard to guess, and not too hard to remember.

I don't know if this is relevant in this instance, but it is a bit concerning (Chinese Auction sites selling compromised iTunes accounts).
I guess the real question is how these accounts are being compromised - if it's through phishing or similar tactics then the users have only themselves to blame, but if it's through some other means (security issues, insider activity, etc) then it's more of a concern

They could well be linked. Clearly somebody is using hacked accounts to buy this game in the UK, but not in the US. Question is, who, and why? The developer would obviously profit from sales, if their account hasn't been hacked. But why the UK again? The website is registered in Hong Kong.

 

[psonice]

The devs have a response on their site: http://lakoo.com/en/unauthorized-iap.html

Doesn't answer who is doing this or why though. Another possibility came to mind: somebody is hacking these accounts and selling them to gamers in the far east. The gamer then buys the game with your account, and loads it up with in-app purchases, and gets playing. Considering how rife piracy is there, I wouldn't be particularly surprised.

So why only UK accounts? What do you all log in to itunes with, i.e. your itunes username? There's probably a link. Don't post your full itunes username of course, but if it's an email address what does it end with? i.e. is it yahoo.co.uk or something like that? Or does it start with UK?

Was your password either a dictionary word or something easy to guess? (I know somebody whose gmail account was hacked.. their password was almost exactly the same as their username. Convenient, and it LOOKED quite safe as it wasn't identical, but it was hacked.)

If we can find some link here, we can perhaps a) get closer to figuring out who is doing this and b) warn other people before it happens to them.

 

[ZackO]

I have since changed my iTunes password, but it was by no means weak in the first place. Also, I never purchased or even owned the app purportedly making the In App Purchases. Also for the record, I'm in Canada.

~Zack

 

[psonice]

I have since changed my iTunes password, but it was by no means weak in the first place. Also, I never purchased or even owned the app purportedly making the In App Purchases. Also for the record, I'm in Canada.

~Zack

Interesting - there's no negative reviews in Canada (well, none relating to this issue). None in the US. But LOTS in the UK.

It definitely sounds like a stolen account though - if your password was fairly strong, and you've not had any emails asking for your itunes account details for any reason that you replied to, I'd get your computer checked for viruses. Is it mac or PC?

 

[DeathProof]

https://forums.macrumors.com/threads/1077395/

 

[ZackO]

Interesting - there's no negative reviews in Canada (well, none relating to this issue). None in the US. But LOTS in the UK.

It definitely sounds like a stolen account though - if your password was fairly strong, and you've not had any emails asking for your itunes account details for any reason that you replied to, I'd get your computer checked for viruses. Is it mac or PC?

It could be simply because the UK has a greater population, but it's still strange. I never had any emails or anything. I'm on a PC (please, no accusations of viruses just because of that), but I'm running Anti-Virus software 24/7, and I haven't even logged onto the iTunes store on my computer in weeks.

~Zack

 

[EmmaG1959]

Another one

My daughter's account has had £20 removed apparently for In App purchases from Online. I will be phoning Apple in the morning and try to get a refund.

I don't think it's individual hackers - it can't be a coincidence that the purchases are all for the same app.

 

[psonice]

https://forums.macrumors.com/threads/1077395/

The developer might be totally innocent, we don't know. It's not the app doing this anyway.

It could be simply because the UK has a greater population, but it's still strange. I never had any emails or anything. I'm on a PC (please, no accusations of viruses just because of that), but I'm running Anti-Virus software 24/7, and I haven't even logged onto the iTunes store on my computer in weeks.

~Zack

Canada (according to my app sales at least) is not far behind the UK for iphone use. And the US is way ahead yet has no negative reviews for this issue. Very odd!

The virus question: I'm thinking that a lot of people on this forum use macs. If many of them have this problem, we can probably rule out the virus (it's possible, but pretty unlikely - and I've not heard of a mac virus that steals itunes accounts). And having virus protection is no guarantee unfortunately - we had a PC at work today that was still infected after running 2 different virus scanners in safe mode. It's fully patched and also running virus protection 24/7. Something somehow still got on and is refusing to leave. This is very rare, but can happen, and the people writing these things are finding ways of making money from them.

(And for the record, I run antivirus on my macs these days too )

My daughter's account has had £20 removed apparently for In App purchases from Online. I will be phoning Apple in the morning and try to get a refund.

I don't think it's individual hackers - it can't be a coincidence that the purchases are all for the same app.

Agreed, it's likely a group or one individual. Question is who + how. The big clue is who benefits. The developer gets the money (except the money that's refunded), and whoever hit the buy button keeps what they bought.

If it's the developer, they're taking a huge risk for what seems like a lot of work on a game like this. And they're updating the game with new versions. I can't rule it out, but that doesn't feel right.

If it's gamers? Well, this is a free game with expensive in-app purchases. It's very popular in parts of the world where a lot of gamers are used to paying $0 for their games (I've been there enough to know). I can believe there are people there who'd buy a username and password for a small fee instead of paying $30 and getting it legally.

What other games are popular in places like hong kong + china, that feature lots of in-app purchases? Anyone know?

 

[Lakoo]

In reply to hacked iTunes accounts

http://itunes.apple.com/gb/app/id371613788?mt=8

this application has stolen £30 from my iTunes account through in app purchases!
This application is free however the developer has found a loop hole to buy worthless in app purchases which they will buy as many as your account will let you, for me it was £30 because that's how much I had from gift cards, luckley it wasn't associated with a bank card.

looking through the reviews it seems im not the only person to fall victim to this problem.

apple really? This has been here for almost 2 weeks with lots of complains (reviews & emails) and they haven't done anything and I have already contacted them.

Dear Gamers,

We are sorry to see there are still victims in the unauthorized In-App Purchasing incident.
For the past month we have been receiving countless e-mails from victims of this incident. It appears that iTunes users have had their iTunes account hacked for making In-App Purchases in our app. After reading about the news article, we realize the hackers are selling hacked iTunes accounts online: http://news.yahoo.com/s/afp/20110106/tc_afp/chinaitinternetcrimeretailtaobaoapple

We have no connections with the hackers and we are also one of the victims of the incident. Since the incident started, we have been cooperating with Apple and making all refunds possible whenever a customer sends us an e-mail regarding this issue. We have made our official reply on our homepage once we were aware of the issue: http://lakoo.com/en/unauthorized-iap.html

Once again, we would like to restate that we have no connections with the hackers, all victims of this incident should first contact Apple for a refund and send us an e-mail at cs@lakoo.com so we can cooperate with Apple for your refund.

Lakoo