iTunes account hacked...grr.

[gloss]

So, I checked my e-mail this morning and some wanker hacked into my account and sent himself $350 of gift certificates to the iTunes Store. I've already taken proper precautions and sent Apple a rather annoyed customer service request, so this is more of a vent than anything else, but how in the world could someone get ahold of my iTunes account information? It's not distributed, it's not used anywhere but iTunes on my computer. Was it just random hacking, or did someone deliberately target me?

Has anyone else ever had issues with the security of their account?

 

[BayouBengal]

In all honesty, it's not all that hard to steal someone's information like that. It could have happened numerous ways. A sneaky way these days is someone compromising your email and setting it up to forward all email to a 3rd party address, all of this happens rather quietly. They can search old emails for possible password confirmations or possibly even have a company resend a password and intercept the email before you see it.

I'd suggest changing your password and change it to something not easily guessable. If it's something goofy like 'blueberry2008', that'd be guessed so quickly in a brute force attack.

 

[HiRez]

Have you been using open or WEP Wi-Fi networks? That's an easy way to get your info if someone knows what they're doing (it's not even that difficult if you don't know what you're doing and have the tools).

I've never had my account hacked, but there's always a first time. Whenever I use Wi-Fi in a public place I usually VPN through my work servers, which adds some protection (additional encryption).

 

[aethelbert]

Since this sort of incident seems quite common, I've always tried to just keep a reasonable balance of iTunes credit on my account. I get it when selling small stuff, random thank you gifts, et al. In the instances when I don't have a sufficient balance, I tend to take the card's information off of the account right after I make a purchase.

 

[gloss]

Thanks for the advice, guys. I just decided to not keep my credit card information on the account anymore - anything that's so randomly compromised is not something I'd trust with my financial information. I'll rely on gift cards from now on.

There was definitely a panic moment when I first realized what was happening, but I think now that I can stand back and look at it it's kind of ridiculous that someone would think they could issue themselves such large gift certificates ('Gift Certificate for lol') and not have the owner notice. Hopefully Apple can have the certificates themselves invalidated, or track them back to where they might have been redeemed.

 

[BayouBengal]

And as a note to everyone, ever wonder here those cheap iTunes gift card codes on Ebay come from? Well, our friend gloss just witnessed it.