Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

I think my iTunes account was hacked?

Same thing happened to me, but they only used up an iTunes balance I had via giftcard. I'm convinced it's a developer sponsored attack because they had purchased 4 apps, 2 each from 2 different developers. The kicker is 2 of the apps aren't available in the US store!

I asked iTunes support how this was possible, and they kept giving me the runaround. Eventually they told me they were purchased in the US store, and developers and labels, etc. can make their titles available when they want and remove them when they want. It sounds fishy to me. I think there's an exploit they don't want to fix or maybe can't find.

When my account was hacked, they changed my email address and password to something blatantly fake, and the challenge question and answers were just a long series of numbers. I complained to Apple asking how none of this triggered any red flags on their end and got no response. I just don't understand why they don't email the old address on file if the email address on the account changes...seems like it would help all of us know something what wrong much earlier, and maybe we'd have a chance to do something.

Does anyone know of a way to find out if an app was sold in the app store on a particular day? I have a feeling Apple is feeding me a line of bull and I'd like to call them out on it if possible. The bottom line in my case is that Apple isn't losing money since it was a gift card balance. Between this and some poor Genius Bar help I'm really questioning Apple's customer service.
 
It seems to me that Apple only cares how about getting the money. It doesn't matter how they get it or where it comes from. I know there are only a handful of us that this has happened to but I'm seeing the same customer service and support for other products as well. And don't get me started on iTunes itself. It could be so much better but they refuse to make things easier. Anyway rant over. I hope you all get this settled like I was able to.
 
Hi guys

This has happened to me TWICE now!!

First time was a couple of weeks ago, couldn't update my apps saying the password wasn't recognised and the a 'sorry' page came up when I used the 'forgot my password' link. Emailed Apple and they said someone had accessed my account, they'd spend 59p. My bank refunded me the 59p, sent me a new card and apple reset my account. Anyway today I checked for updates for my apps and had loads, so I entered my new card details and got the updates sorted.

Then this evening I get an email saying that someone had bought a £5.99 app!! I've emailed apple again and contacted my bank, thank god for 24hr banking!!

I just can't believe this has happened twice in so many weeks! I changed my password to someone random and i've now changed it to something random again!

ARGHHH
 
I think my i-Tunes account was hacked

Just got my most recent credit card statement and discovered over $400 in charges for i-Tunes! CC company was very helpful. I canceled the card and am not liable for the charges. Support from Apple, however, is another story. The tech says she cannot back out our account information just yet. This process began two days ago. In the text of her e-mail reply to us, our e-mail address was incorrect, but she did not make mention of that until I pointed it out. But isn't that exactly what the hackers have been doing, changing bits of information? And this has been going on for a couple of years now, right? Also, only authentic purchases that we have made show up under "Purchased" and we did not get any receipts from i-Tunes for those unauthorized purchases. I am a loyal Apple fan, but this has made me very angry. The credit card companies aren't my favorite people, but they shouldn't be taking the fall for Apple's lack of security. The only phone numbers I can find for Apple are for ordering or for hardware support. Does anyone know how to make phone contact on this issue?
 
Got me too!

The phone number I called was 800-676-2775.

The hacker charged $400 with of music, changed my Apple ID, email address, password, birthdate & security question. When I called Apple the woman could not believe that my Apple ID was gone and basically called me a liar. Terrible service from Apple. But after 2 days of talking to people & emailing the customer service from the Itunes Store, they were able to change all my information so I could get back into my account.

I asked how this happened, they said I gave my password out, which I never did. Tried to blame everything on me. I am glad that I found this forum & know it's not all my fault. Maybe the need to look at their security policy.

Apple wouldn't give me a refund so now my bank is handling it, still have received my money yet.
 
Happened to me today. Mine is a strange case though. They downloaded about 40 FREE apps, and one paid app. No idea how they hacked my account.
I have now taken my account off of paypal, and will only use a prepaid card.


They did not change my information, it was all there, I was able to log in.
They have been downloading apps for the last 5 days. Really strange.
I did sell my old ipod nano when I bought my touch , makes we wonder if they got my info from it somehow, as I forgot to erase the songs on it before I sold it.

Strange that they would only load free apps and only charged $1.00 app on the paid. I got lucky there. I have changed all my passwords including paypal.
Can they still get back in there and do further damage?
 
So iTunes leaves your credit card and personal information on all of your purchases?

I really hope not because that would be ridiculous.
 
Well until they figure this out, I have just sold my Itouch. No point in having an account where I do not feel safe . After taking my payment methods off there was not point. I live in the boonies, and itunes cards are an hour drive away.
Just not worth the hassle. Then I would not feel safe leaving any balance on there. My whole point of having the touch was so I could download things during my hospital stays.

If they ever get it fixed, I may get another in the future as it is a great product.
 
I also had a similar problem with iTunes rejecting my password. At one point, I purchased a TV season with downloads yet to be finished. After restarting iTunes, I find that my password is invalid, yet I had entered it to purchase the season earlier. I went to reset my password and got my account back in my hands. Luckily nothing was wrong or spent on my account but after seeing this thread, maybe there is something to think about what had just happened to me..
 
Guys, I'm surprised that nobody has suggested that your computers may have been compromised, or you've accidentally responded to phishing spam with your passwords. If you're on PCs, you should run a full virus scan and something like malwarebytes, and possibly a rootkit scanner. If you're on macs, the virus/infection is less likely, but the phishing/fake website possibility is still there.

Run as many scans as you can and start changing your other important passwords from a secure machine.
 
Unfortunately, I too can be added to the list. I hate to come across this forum due to this but maybe we should all start banning together somehow and sign something. It appears that this has happened to alot of people and I can't help but believe, in my case anyway, that Apple has a major security breach issue on their hands. Here's my story:

The other night I get home and check my email on my iPhone and to my surprise I have several emails from iTunes showing pruchases. It turns out they downloaded one app called Original Gankstas for $3.99 and then there are things that they can buy through the game for up to $150 that helps you out in the game. I for one, cannot believe that Apple lets their developers have this type of thing even present in their games because this is just begging for trouble. But anyway, they bought several of these $150 items ...to the tune of $1300.00 all in one day. I was able to log into my account and change the password and take my debit card off of the account but I had to wait until the next morning to call Apple and my bank about it.

The bank points me to Apple...Apple points me to the bank (of course). I call Apple and finally get ahold of someone in tech support and they tell me that I'll have to pay money just to speak to someone in their iTunes billing department.... WHAT THE F%^&!!! REALLY? How can a company the size of Apple actually do this to their customers? If I were to buy something from any other store in America and have a problem with it then they would have a customer service system set up to provide me service free of charge....it is a part of their business to do so. Anyway, I finally get them to transfer me to their billing department free of charge and their billing department gives me a fraud case number and tells me that I will have to give it to y bank's fraud department Monday morning. My bank told me that I also had to fill out a police report (which I did) and bring the report in Monday morning as well. But it appears that Apple is not refunding the money and is going to make my bank pay for this. The bank actually says that they have seen this several times before. SO my question really is....just how many people has this thing happened to ...and WHY is Apple making the banks pay for it?

It appears to me that Apple really has no reason to care about the people that this is happening to because they are making money from these scammers and scammed people. Class action lawsuit anyone?

If this has happened to you and you'd like to get in touch with me PM me with you email address and I'll try to start a list of all the people this has happened to. It appears to me that it may take something like this in order to get to the bottom of the issue at hand.

Oh, and I highly doubt that this was a keylogger on my PC because I NEVER log into my iTunes account on my computer...just my iPhone.
 
iTunes hijacking

Let me add my voice to the chorus here. account was hacked end of feb beginning of march. was authorized to 3 other computers. they changed my country to china and downloaded $250 of apps from the chinese itunes store.

The apple support staff member was courteous and informative. But there was some strange stuff too. She told me that she would assist me "as best as I can within the privacy laws". My account gets hijacked and they can't tell me exactly what went on because there are privacy laws??

She also said from the get-go that apple could not refund the charges and told me to contact my credit card company. I got a letter from them today saying they can't do anything.

Here's what gets me, though. My credit card is registered at the bank of my nationality. Whenever I have tried to purchase things from an itunes store in a different country, I have been told that I can only make purchases in the store of the country where my card is registered.

Also, the hijackers hacked my itunes account. They didn't get my itunes details from anywhere else. They weren't able to get my credit card details from my itunes account because itunes only retains the last 4 digits of your cc number in your itunes account. Had they accessed my email account for example, they could have gone into my paypal too.

They would have gotten much more except my cc was near its max. There are still $20 of charges pending so my account is stuck in china because I can't make any changes to my account till outstanding payments are cleared.

This is really bad. This is all due to lax security procedure from Apple
 
organising

Hey Runich

I second your suggestion that people should get together and try to take this further.

The rules on this site are that you can't PM other members if you are newbie and have made less than 5 posts on the forums. I will PM you when as soon as the site permits me to.
 
Hacked as well... :/

My wife and I saw a charge pending of $40.77 yesterday (luckily only 40 bucks...but still). Our bank told me to call Apple first because they couldn't do anything about a pending transaction. So I did and we got a case number from Apple. They were able to verify that my wife's account was indeed compromised. I asked how, but Apple said they have a "team investigating it". We couldn't even log into her itunes account at all. The bastards changed all her log in information (of course). I'm just glad that both Apple and my bank were very kind during the time I filed the complaint. Both parties involved were very helpful.

Oh, and friend of ours had $100's of dollars in charges to their account recently that they didn't make. Good times. Found that out yesterday too.

Anyway...scary stuff to say the least.

Better security is obviously needed for itunes online and on portable devices (iphone, ipods and now the ipad). Who knows what information is being pulled from your account with these apps that are out there. "They" have obviously found a way to get into a persons itunes account. I blame it on an app that is out there that is pretty popular. Could be a game, could be a fart app, could be a gps app...could be any app. But I think its an app that is sending the credit card information back to the hackers and in turn, they are able to get in, charge up a good time, and we suffer for it.

Thanks China. ;)
 
Just wanted to add my Me Too to the list. :eek:

No way to contact apple except through email. Still waiting to heard from them.

CC is now canceled and they are giving me a new card.

I was able to access my IT account and delete the CC that was in there. While I was trying to do that, I once got an error that something was changed and I had to try again. I think I beat them and have them locked out now.
 
On this subject, I wish Apple would make de-authorizing accounts accessible within account settings in iTunes, with a security question/answer confirmation. Maybe automate de-authorizing each system authorized, if the account on systems X are not used within X number of days or weeks?
 
Same thing here.
Last night, literally 10 minutes after getting horrific phone call detailing family emergency, my husband walks in and asks why there's two separate almost 50 dollar charges to iTunes store.

Funny thing though, I was able to log in to my iTunes account. The password had not changed. They only added 2 more computers to the account and proceeded to have a shopping spree.

I removed my card info, changed the email address, and immediately clicked "report a problem" on the fraudulent purchases. Another charge, one for just under 7 bucks, hit our bank account WHILE I was going thru the steps on iTunes to remove card info and such.

Then I called my bank and canceled my card (will have to wait 7-10 days for a new one) It's the weekend so I couldn't even talk to a live person, and used the automated system to cancel my card. Sigh.

I have to say, first phone call to Apple went horribly. They were very "It's not our fault, it's yours" and actually hung up on my husband. I called back, and got a much nicer person who was helpful, when apparently she didn't need to be. She helped me get to the right place to de-authorize the additional computers. I did that... still waiting to hear back from Apple concerning those reports.

Here's the kicker. The purchases were mostly for apps, there were a few movies- Avatar, Sherlock Holmes, some really bad music (Taylor Swift.. really? Gag!) and some games.
I don't even own an apple product that could run the apps. The only Apple device I've ever had registered with iTunes is my old Shuffle (which... doesn't work anymore) I have bought SO LITLE on iTunes that purchases I made YEARS ago still show up on the main page of purchases/downloads.
I DID buy an EP on March 30th by an indie band I love, who only makes their music available on iTunes now (bummer.. I won't be buying more!)

I had been saving up for the 32 gig iTouch. No more. I won't buy another thing from Apple or iTunes. Done with them. This security breach was not on my computer, iTunes was breached, and Apple apparently takes none of this seriously.

I will follow up with my bank tomorrow, but I'm scared we're out over 100 bucks. Which is a really horrible time. Unemployment, limited funds, facing financial disaster.... really bad timing :(
 
iTunes is aware of Thefts

April 21, 2010 at about 7:45am unauthorized charges began to show up on my iTunes account. I received an email for 2 purchases I did not make. The first was for $1.00.The “Report a problem” link does not work on the email. I immediately went to the website and reported the unauthorized charges were a problem and charged without my authorization. I finally found a phone number and the rep told me iTunes would be back in touch in 24 hours. I explained to her that we did not have 24 hours because someone was making unauthorized charges now. She walked me through changing my password and deleting my credit card and said someone would contact me. I went back to my bank account and found that I now had SEVEN CHARGES (Keep in mind this was less than an hour after discovering the fraud). I contacted my bank and told them about the fraudulent use of my credit card and we canceled that card. 5 of the charges are just under $50.00 ($45.84, $43.61, $45.54, $42.57, $49.13 . Now I am in Limbo waiting to file a fraud report while iTunes (not some unknown scammer) has my money. iTunes knows this is going on. When someone adds a new computer to an account and begins to make $50 charges as fast as they can an alert should go out automatically. At the very least with this problem so rampant itunes should have an easy to find “report a fraud” link. The entire site is devoted to sales and 1% to customer service
 
I wake up this morning and went to check my bank acct info this to see if a particular charge had gone through. I notice 7 unauthorized charges from itunes totaling $230 and some change. Interestingly the charges started at 1:00am and the last one was at 9:36am this morning before i was even awake. As others have mentioned, none of the purchases were over $50 ($40.93, $46.93, $42.81, $48.94, $48.86, $3.99). There must be some reason that they dont go over $50? Anyways, there were 2 computers authorized on my account and i think this is a dead giveaway.

This all started about 4 days ago when i was having problems with the Pandora app on my iPhone. I should preface this by pointing out that i NEVER EVER buy app's, music, movies, etc. EVER! I do however download and use several free apps. Anyways, with that being said, i go into the app store via my iphone and click "update all" app's. As usual itunes ask's for my password and as usual i enter it. Well, my iphone hasnt stopped asking me for my itunes password since. At least 10+ times a day. For the first two days i kept on entering it. After finally becoming totally annoyed, i just kept hitting cancel (and still am). I just assumed that some app's wouldnt get updated...oh well im over it at this point.

So, back to this morning after discovering this big pile of poo, i called my bank and canceled the card and disputed the charges. My bank was awesome in that they are reversing the charges (i have to fill out some forms and sign something stating that this was fraudulent activity) and will be issuing me a new card. And as pretty much everyother person has said, itunes was pretty much worthless. i got through to itunes by calling AT&T. I explained what had happened to the at&t rep and she said to call 1-800-694-7466 which she said is something like 1-800-my-iphon ? So i called that number and the whole time i was on the phone the guy was acting all nicey nice, which is cool. im not saying that i want some douche with an attitude, im just saying that kinda this leads me to believe that im not the first person to complain about being taken.
So, this guy immediately goes, "yep i can see this is definitely fraudulent so what were gonna do is blah blah blah... and then when were all done we'll talk about the charges" I say. ok. We go through and basically change my password, remove my CC info, and deauthorize the other computers on my account. He finally starts talking about the charges and tells me that "even if apple wanted to refund my money its against the law, because im saying that the charges are fraudulent" WTF!!!!!!!!! At this point, i realize that im dealing with a well trained sheepy ******* and that unless i want to get an ulcer and take a few years off of my life, i might as well just bend over and grin and bare it.
So, i decide to just go ahead and completely delete my itunes account, which doesnt really matter for me since i dont really use it much and also because i have a macbook and it has itunes. Whatever. it was funny, cause he was like a snake-oil salesman, trying desperately to get me to just "de-activate" my itunes account. Anything but delete it. Well its gone.

Anyways, i feel sorry for those of you who had to deal with those douche bags at paypal....they are some of the worst scumbags EVER! Oh and for those who got taken for over a grand, i am very sorry to hear that. I would want blood at that point.

Oh and i was reading that some peeps were recommending emailing stevejobs@apple.com and that he's actually responding. hmm?

So, moral of the story:

- remove CC info from your itunes account and use gift cards for any and all itunes purchases

- make sure that the number of "authorized" computers is not more than what it should be

- Make the password that you use for itunes different from the one that you use for your personal email and on that note, create an email account specifically for itunes thats not associated with anything important

- pay attention to your financial info (bank statements, etc)

- this goes without saying, but use common sense

- if you've had a less-than-pleasant experience too, please dont hesitate to post it here or at least post it somewhere. I remember listening to the clark howard show one time on am radio (the clark howard show is all about issues like this, he's basically a consumer advocate) and he was saying that companies actually do read these posts. whether or not thats true, i dont know, but i still think its important to put it out there.

Apple....your slowly becoming like every other mega corp...only interested in $...
 
Add me to the list

Kind of distressing to see that this has been reported for almost three years and people's iTunes accounts are still being hacked into regularly.

My story:

About a week ago, I went to update a few of the apps on my iPhone. When the app store prompted me for my password, I got the message that my password was wrong. Weird, because I’ve been using this password forever (and it's a relatively secure one).

I tried to reset it and ran into some problems because it couldn’t find my apple id. I had another account that I accidentally set up when I registered my iMac, so I figured it was an account mix-up.

I waited a few days, tried to update my apps again, and again, got the message that my password was wrong.

There were alot of messy details, but after opening a support ticket with Apple, I found out that my old account ID had been changed. And it was changed to something that was most certainly not ME (the domain on the email was that of a chinese search engine)!

Someone hacked my account, changed the Apple ID, the password and even the secret question. They also bought $108 worth of iPad apps (split into three transactions that were all under $50 - I agree that this is an interesting pattern).

I went through the email support for iTunes and was very frustrated. After I finally got someone from Apple on the phone, the support I got was excellent. I called the support number for the iPhone and they were willing to transfer me to iTunes phone support ONLY after I confirmed that I had Applecare on my iMac.

We recovered my account, changed it to a new Apple ID and removed my credit card from the account for now. Apple assures me that the hacker could not see my credit card info, but better safe than sorry, I canceled the card and am getting a new one with a new number.

What I learned:

Don’t assume it’s a system glitch when you can’t login. Check you account immediately.

If you search for your account information using your Apple ID and your ID comes back as “not found”, that could mean that someone has hacked in and changed it.

It sure seemed like Apple was not going to help me if I didn’t have Applecare on my iPhone. This is disturbing since the problem that I was having was related to a security breach of their system. They transferred me to the right person ONLY after I supplied them with the Applecare account info for my iMac. For many years, the only apple product that I interfaced with was iTunes on my pc. I would not have had Applecare. Does this mean they would have been unwilling to help? It would seem so.

Also, I could not find a link on Apple’s site for account fraud reports or anything like that. Strange and kind of obtuse. If they provide a link would it imply that there was a possible imperfection in their system/products? (this is mostly a rhetorical question)
 
A method to prevent

Just thinking if I authorized 5 Macs/PCs, those fraudster wouldn't be able to use their machines to make purchase anymore from that ITunes account right?!

This might actually be a way to prevent it .... of course you would need to find 5 machines to install iTunes and Authorised it .... maybe look for old computers lying around!
 
iTunes security a joke, Apple support is pathetic!

My iTunes account was hacked a week ago.
$62 in credit gone. Used on Chinese apps.
They changed my user id, password, email, and security question.
Apples response?
"Not their problem."
So their non existant security on an on-line monetary system is hacked daily, but it's not their problem.
No alert, no email notifying me of the changes, nothing.
And it took me over an hour to finally get hold of someone on the phone.
Unacceptable!
I'm not posting this rant to complain, only to warn as many people as possible.
Apple security is horrible and you will be ripped off eventually.
I know you're only liable for $50 on your credit card, but is $50 really a small amount of money to most people?
And is Apple really not liable for all of these thefts? It is their system. They do have some responsibility to safeguard our accounts, dont they?
I'm writing to my Senator and Congressman to see if something can be done.
At the very least, people should be made aware of how risky it is to have an iTunes account.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back