Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

I think my iTunes account was hacked?

Another hacked account

My account was also hacked this morning. Luckily, I have my account set to email me if there is any account activity. I was emailed twice in a row saying I had made two $50 purchases for gift certificates for iTunes. I immediately checked my bank account and iTunes account and sure enough the $100 was on hold on my credit card and the purchases showed up in my purchase history on iTunes. I had my credit card shut down immediately and contacted iTunes support. iTunes support was pretty much of no assistance telling me all the common-sense things to do like change your password, remove your credit card information, etc. Regarding the $100 charges they pretty much said it's up to my bank to investigate it and remove them: "I urge you to contact your card issuer as soon as possible to inquire about removing the unauthorized transactions. You should also ask them to launch an investigation into the security of your account. Under the circumstances the iTunes Store cannot reverse the charges for those purchases without chargeback orders from your card issuer." It seems to me that Apple should be aware of the situation by now, but has yet to do anything about the security problems.
 
My account was just hacked too.

Luckily, the hacker only bought 1 paid app, along with a free version:

SlovoEd Deluxe English <-> Russian Disctionary Paragon Technologie GmbH $24.99
SlovoEd Deluxe English <-> Russian Disctionary Paragon Technologie GmbH Free

I've contacted Apple about it. I expect a refund, but seeing the posts here, it looks like I might need to take it up with PayPal.
 
Another one gets jacked

Happened to me this morning. CC company phoned me re suspcious activity.

£100 worth of iPad apps. I don't even own an iPad!

Account password had been changed but fortunately not the email address so I was able to reset it. Cancelled my card reported it to the police and tried to report it to apple.

Seriously I have to report fraud via EMAIL? Don't understand why they changed my password but not my email address. Also why don't I get an email when my password is changed?

Not sure what the vector was to compromise the account. My first suspicion is they guessed or brute forced the security question, which I have to confess was a little weak.

I do suspect Apple have a leak somewhere though.
 
Stock email response

Responded with this:
--

Thank you for your proforma email response. I am delighted that Apple
take the security of my account, and Fraud so seriously.

Please could you please urgently provide the following information:

What account activity has been made on my account since 17:00 GMT 28 July 2010.

What methods have been used to update my iTunes account password since
17:00 GMT 28 July 2010?

Has anyone attempted to answer the security question to gain access to
reset my password at any time in the past.

Why was I not notified by email when my password was reset.

If you feel you are not authorized to provide this information I shall
make a separate formal request under the Data Protection Act 1998

--

I am determined to find out the vector they used to compromise my account. Even if I have to trawl through their logs by hand.
 
assasin said:
Responded with this:
--

Thank you for your proforma email response. I am delighted that Apple
take the security of my account, and Fraud so seriously.

Please could you please urgently provide the following information:

What account activity has been made on my account since 17:00 GMT 28 July 2010.

What methods have been used to update my iTunes account password since
17:00 GMT 28 July 2010?

Has anyone attempted to answer the security question to gain access to
reset my password at any time in the past.

Why was I not notified by email when my password was reset.

If you feel you are not authorized to provide this information I shall
make a separate formal request under the Data Protection Act 1998

--

I am determined to find out the vector they used to compromise my account. Even if I have to trawl through their logs by hand.
Click to expand...


Thanks for your effort. Let us all know.

Mooch
 
i too would like to add my name to the list of hacked accounts. Have emailed iTunes support three times in five days with no response. i don't really think thats acceptable.

Does anybody know if Apple will refund the credit that i may have potentially lost?
 
My iTunes account was "compromised" on July 30, 31st and August 1st. Within a 72 hour period, over $500 worth of applications, music, movies, etc. were charged to my PayPal Account (which is linked to my BofA checking account). I rarely use my Itunes account and have purchased only $2.79 from iTunes over the past six months. (I do not own an iPhone nor an iPad - just a slightly antiquated iPod).

On July 31st, I began receiving e-mailed receipts for iTunes purchases. The receipts were for a series of 13 purchases between $37 and $59. When I opened the receipts, the items purchased were mostly applications (some in English and some in what appeared to be Chinese) as well as movies and music. (I knew my account was "hacked" instantly when the first item on the first reciept that I opened was for a Justin Beiber video.)

I logged on to my iTunes account and noticed that there were 92 items waiting to be downloaded. I noticed that my account now had 2 computers authorized for my iTunes account. (I only own one computer.) I attempted to "deauthorize" the "hacker's" computer - but it would not allow me to deauthorize any other computer but my own. It was perplexing that I could not even find out any additional information about the "hacker's" computer.

I immediately contacted Apple support via e-mail. It is quite frustrating that
they do not offer any sort of live support for serious issues like this - which is due to their insufficient security in the first place.

Fortunately, my password was never changed by the "hacker." I changed my password and changed my security question to a very obscure question. I removed my PayPal account from iTunes and disabled the iTunes store as well.

I reported these incidents to both PayPal and BofA. Because it is the weekend, BofA instructed me to contact their claims department on Monday morning.

I am hoping that my account will be credited (eventually).

I have lost all of my confidence in Apple products. I was planning on purchasing both an iPhone and iPad in the future - but no more. This problem seems to be increasingly widespread and all of us have endured undue stress and financial burdens based on Apple's flawed security and lack of concern for their customers. It is odd that there hasn't been more media coverage about these incidents - especially since this thread is a couple of years old.
 
Ouch!

The guy with 1500, I'll say OUCH! He's not playing though, its true, if you have one click on the online apple store, than hacking iTunes gives you user and pass, then you can purchase stuff from the apple store.

is it just me, or is $1500 enough to get a macbook pro, 13'', or an iMac, or a mac mini with a ton of stuff, and tons more
 
mlp123 said:
My iTunes account was "compromised" on July 30, 31st and August 1st. Within a 72 hour period, over $500 worth of applications, music, movies, etc. were charged to my PayPal Account (which is linked to my BofA checking account). I rarely use my Itunes account and have purchased only $2.79 from iTunes over the past six months. (I do not own an iPhone nor an iPad - just a slightly antiquated iPod).

On July 31st, I began receiving e-mailed receipts for iTunes purchases. The receipts were for a series of 13 purchases between $37 and $59. When I opened the receipts, the items purchased were mostly applications (some in English and some in what appeared to be Chinese) as well as movies and music. (I knew my account was "hacked" instantly when the first item on the first reciept that I opened was for a Justin Beiber video.)

I logged on to my iTunes account and noticed that there were 92 items waiting to be downloaded. I noticed that my account now had 2 computers authorized for my iTunes account. (I only own one computer.) I attempted to "deauthorize" the "hacker's" computer - but it would not allow me to deauthorize any other computer but my own. It was perplexing that I could not even find out any additional information about the "hacker's" computer.

I immediately contacted Apple support via e-mail. It is quite frustrating that
they do not offer any sort of live support for serious issues like this - which is due to their insufficient security in the first place.

Fortunately, my password was never changed by the "hacker." I changed my password and changed my security question to a very obscure question. I removed my PayPal account from iTunes and disabled the iTunes store as well.

I reported these incidents to both PayPal and BofA. Because it is the weekend, BofA instructed me to contact their claims department on Monday morning.

I am hoping that my account will be credited (eventually).

I have lost all of my confidence in Apple products. I was planning on purchasing both an iPhone and iPad in the future - but no more. This problem seems to be increasingly widespread and all of us have endured undue stress and financial burdens based on Apple's flawed security and lack of concern for their customers. It is odd that there hasn't been more media coverage about these incidents - especially since this thread is a couple of years old.
Click to expand...












Best of luck.
 
my account was hacked yesterday

There were over $800 in charges in 16 different transactions. I contacted Paypal (easy) and iTunes store (not so user friendly) right away. Got to the bank this morning and the charges were pending, but I cancelled them, I hope. Went to the police to file a report, and the deputy obviously didn't know how to do the report, so waiting on a report number. Told Paypal and iTunes store that, if they catch the person responsible, I'm pressing charges.
 
Garbage!

Through this whole process of researching a "hacked" ITunes account I've come to one realization, ITunes customer service is garbage. Same story blah blah $600+ stolen, bank refunded, no idea how it was "hacked", as I'm not a "newbie" and fall for either Phishing scams or leave a wide open email account, and currently only use military monitored computers (thanks fan boys for being really loyal exact copies of the mother-company). It seems to me that if someone, let’s say, gets your CC Fraudulently and purchases stuff from, oh I don't know, The Apple Store, in plain view, on camera, chatting nicely with the sales person, and then when you go back to said company and say hey, my credit card was used fraudulently, can I direct the police or whomever I've reported to on how to get the tapes and interview people, they tell you shove off! Let’s not forget that Apple tracks every order, and even places nifty DRM on their purchases to prevent, OH MY, theft. And why exactly can't I get the IP and MAC addresses of where this stuff was sent? According to ITunes, it's my account, and they don't refund anything, so it is MY music/crap. I'd just like to figure out where it is you know? Is it so hard to be a decent company? But two years of the same thread proves beyond the shadow of doubt that this will never be true. GARBAGE!
GARBAGE!
 
Fraudulant ITunes Visa transaction

I don't have an ITunes account and I've never dealt with the company or purchased anything from them. My Visa bank phoned to say my Visa was being used for purchases which didn't appear to be mine. They were correct. There were two transactions for $59.99 for purchases from ITunes Music Store in Sydney.

Now I need to convince the Visa people that I had no part in contributing to those unauthorised transactions. Perhaps the ITunes people are slack about confirming Visa card ownership and don't ask for sufficient information to confirm the Visa card owner's identity.

dadndoc
 
Add me to the hacked iTunes account list. I woke up this morning to 3 emails from Paypal For $159.36, $40.15, and $53.11. I checked my iTunes account and sure enough, there are now 4 machines authorized for my account. I changed my iTunes password and removed Paypal (and changed my Paypal password). Of course they don't have 24 hour support and now I have to wait a few hours to try to get this resolved.
 
Itunes hacked 16 August

Add me to the list of those who have been hacked. I have only been downloading apps on my Ipod Touch - I haven't synched to either my laptop or desktop in at least 2 months. I check my e-mail yesterday and saw 32 messages from PayPal. I checked my Paypal acct. and it showed authorizations to Itunes, to the "tune" of 3400.00 and change!!! I had my debit card saved as my form of payment in PayPal so every single charge hit my bank account. They have been nothing but helpful and I will be refunded these unauthorized charges. The e-mails showed that they were for apps - World of War, etc. None of these were authorized by me. I can't figure out why nobody caught this??? Not Itunes, or PayPal, or even the card company. Especially since the charges all posted at the same time! I have changed everything and we will see what happens. But regarding customer service for fraud issues? Apple should be ashamed!! After a half hour wait, and of course a run-around, I was told to enter the info into a form and they will contact me. Fine, I get it. Big company. So can anyone tell me where this form is? I've checked all over and of course it is well-hidden. I'm disgusted.
 
Add me to the list

Add me to the list of hacked accounts. I had an iTunes account I hadn't used since early 2008. At that time, I purchased a couple of albums using Paypal as my form of payment. I use Paypal because it is supposed to limit your financial exposure to all these other internet businesses. But apparently, if you use Paypal on iTunes, it sets up some kind of ongoing subscription that allows iTunes to charge your Paypal account and you don't have to sign in to Paypal to authorize it. Not only that, it sets a spending limit of $5,000 a month! Also, all other websites I've dealt with ask EXPLICITLY if you want to save your billing information. With iTunes, the default is to save it and it is up to you to go back after you have made your purchase and change it to None.

I found this out when I started receiving emails on the 18th from iTunes and Paypal thanking me for my purchases. Between 8/16 and 8/18, there were 17 fraudulent charges to my Paypal account from iTunes, totaling nearly $700. I know my computer is not infected with a keylogger or anything else. I hadn't signed into that iTunes account in over two years--would a thief wait that long to use his ill-gotten gains? I religiously scan my computer for virus and malware. Paypal says I will get my money back but I haven't yet.

There's a group on Facebook (http://www.facebook.com/group.php?gid=115931615089725) with several other people who are having the same problem right now, so Apple/iTunes have done nothing to secure their website yet. I see several people in different places say it's because "you had an easy password," "it's because you are using Windows," "your computer is compromised," etc. It's my belief that iTunes has been compromised, not us! My password was strong, consisting of a combination of 10 letters and numbers. It was not a dictionary word. As I said previously, I had not even signed into that account in over two years.

Others have wondered why all the charges are less than $50. It's because you aren't held responsible for fraudulent charges over $50. This info can be found here on the FTC.gov website: http://www.ftc.gov/bcp/edu/pubs/consumer/credit/cre04.shtm Apple/iTunes batches purchases in less than $50 invoices to protect their financial interests. If someone is making a legitimate purchase, there should be no problem billing from one invoice for the total purchase. I have not experienced this batching with any other website other than iTunes. Large purchases are more likely to be scrutinized by banks and credit card companies, and frauds like this could possibly be shut down much sooner.

I know some of you will say "1st time poster so they must be lying." Like others, I found this site while searching for "iTunes account hacked". I don't own a Mac, or anything made by Apple for that matter, and had no reason to visit this site before. With this example of Apples "care" for their customers, I never will own anything by Apple.
 
I guess I was "lucky" in the sense that they only got me for about $60. I think I logged in when they were in the act of purchasing. I quickly reset my password, and deathorized all computers. I was set up to pay through paypal too. I guess the answer here is to only fund your iTunes account through low amount iTunes gift cards. A pain, but at least you ensure a cap to the spending in case of theft.

iTunes genius recommending a bunch of Chinese songs based on the fraudulent purchases is salt in the wound!
 
Add me to the list

Add me to the list of iTune account hacked.. It was hacked today at 3 0'clock "mid night"..

seems like most of you guys are experience the same pain im going through... They're all purchases of some Chinese apps i've never heard of and a bunch of songs... 17+ purchases from $45-49 none over $50.. I was one of those dumbasses who have my itune account linked to paypal.. as soon as i read most of you guy's post I stayed up to 6 trying to "unlinked" it.. took awhile but i got it.. I was turning off my game at 4, and before i went to bed i checked my email.. and there it was... 17 stacked email from paypal saying i purchase stuff..

I emailed apple telling them to do something.. hearing from you guys there wont be much doing.... and right now im trying to reach paypal to hold off the charges to my BankofAmerica..

honestly... this suck... I've always hated apple product and their stupid strict rule on everything... I made purchase a song on iTune, 5 month later i try to download the same song i purchase... they wouldn't let me.. -__- i mean i pay for it why can't i download it again??

I hate how they milk money off people with their products, with things like a newer camera, w/ flash, or something like a bigger screen itouch (ipad) ... its ridiculous how people can purchase them and be in so in love with it.. people treat it like a fashion sense.. (got to admit they're good at marketing)

I hate how they don't allow a right click on any of their OS.. (maybe i'm not used to it)

i only use itune to download apps on my girlfriend (one of those loyal apple lab rat) iPhone .. and look where it got me.. she got a iphone 2g as a gift 2 year back, and so I gave her a Nexus One (best phone out there yet), and she abandon it... so i have give her a iphone 3gs, a downgraded version from the nexus one phone, for her birthday... and she was so happy.. UGH!!! (mayb she likes it so much because i jailbreak it)


I haven't download any song from any p2p network for the last 3 month.. so how the hell did they get my password...

im glad i went to their apple store and Jailbreak all their iphone, ipad, itouch.. (iono if this is a good or bad thing)

i lost hope in apple
 
Has anyone successfully got their money back? My itunes was hacked on the 31st and I have been charged over $1300 to paypal, it overdrew my bank.. I immediately made claims with paypal, bank and itunes but at the current time it still looks like they are doing nothing (infact, paypal keeps on trying to repeat the few failed low balance transactions over and over). This came at the worst possible time during the entire year, this week it hit is the absolute worst. I would goto jail for murder at this point if I knew the person that hacked my account.


Anyone get their money back?
 
I just got hacked, and a refund

I received an iTunes Store receipt about an hour ago, which had one app I purchased this weekend, and 10 others I had never heard of. Fortunately, the whole bill was just $13.

I emailed Apple and called my credit card company. The credit card folks said the charge was pending, so they couldn't contest it yet. Once it went through, they would help me take care of it.

I changed my iTunes password (which was strong) and removed the credit card from my account.

I was surprised to receive a very quick response from Apple saying all of the illegitimate charges would be refunded. They've locked my account until I tell them to open it.

So I'm "lucky" that the whole situation seems to have resolved itself within an hour. I'll reinstate the account later, and fund it with gift cards from now on.
 
slfdstrx said:
I received an iTunes Store receipt about an hour ago, which had one app I purchased this weekend, and 10 others I had never heard of. Fortunately, the whole bill was just $13.

I changed my iTunes password (which was strong) and removed the credit card from my account.

I was surprised to receive a very quick response from Apple saying all of the illegitimate charges would be refunded. They've locked my account until I tell them to open it.

So I'm "lucky" that the whole situation seems to have resolved itself within an hour. I'll reinstate the account later, and fund it with gift cards from now on.
Click to expand...

Same here. Someone wiped out 27 bucks worth of gift card credit and then about 13 bucks from paypal which was tied to savings. They've disabled my account for now and I've disputed the purchases with paypal.

Good idea on the gift card funding.
 
I was compromised today.

I got a email this morning for 3 purchases of only 3-4 dollars total.

Thank god I didn't have my CC or Bank info there.

Last night I did a sync of my ipod and downloaded some updated iPhone apps. This gets logged as a transaction but it's free and you do get a email receipt for it. I looked at my purchase history and the 11 updates were there with the 3 songs from a band I never heard of.

No password was changed.
No secret question was changed.
No other info seemed to be changed.

I immediately changed my PW and secret question. I noticed the transaction was at 3:25am, I am in EDT, so I'm not sure when it actually took place, but at that time, I was sleeping. The receipt email showed up around 10am EDT.

I contacted Apple and I wanted to talk to a live person, but that is impossible (for iTunes), they just want to direct you to voice activated canned answers. After getting a person, she told me to go to the iTunes support website. /sigh

I would have gladly used iTunes to check all this, but I was at work and didn't want to wait to act on this. Apple NEEDS to have the ability to view iTunes personal info/account/Transactions via a secure website. My work blocks the ports to log into the iTunes app, so I was stuck.

Once on the support site, I filled out a email web form. I got a quick automated response and a few hours later, they credited my account.

The big thing for me is, how did it get hacked? The person downloaded 3 songs that had no DRM, no authorization changes either.

I am more worried about my account security than the 3 dollars. I will NEVER put my CC in there. I will continue to use gift cards as I have been doing for years. On a side note, I did this originally because iTunes can be dangerous to a music lover with a live CC on there (myself, lol). So, in order to curb myself, I wait for the new releases I want, buy a 25 gift card, just buying those items and I'm good. It's kind of like buying 1-2 CD's from the store instead of blowing $100 on albums and cherry picking songs.
 
I'm a victim of this crap as of this morning...Got an email receipt for a $65 app I didn't buy. My transaction history said it was "gifted" to an email address I don't recognize. emailed Apple and called my credit card company, but they can't do anything until it's past the authorization stage. It's only $65, but this is seriously bumming me out tonight.
 
Anyone have any thoughts on how this is happening or how someone could have "phished" our passwords? I'm pretty good at spotting phishing attempts and don't remember any instances where I could have fell for one.

Anyone download and use the AppShopper app shortly before this happened?



Apple contacted me quickly and said they were going to refund the charges. They made it pretty clear it was a "one-time" refund. I took my credit card off my account and will use the small gift card method from now on.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back