iTunes accounts being compromised and money stolen from them!

Discussion in 'Apple, Inc and Tech Industry' started by GekiRed, Jul 3, 2011.

  1. GekiRed macrumors regular

    Joined:
    Sep 4, 2010
    Location:
    Hades aka England
    #1
    I don't know if anybody's heard the news, but for the past 6 or more months, quite a few people have had their iTunes accounts compromised and illegal in-app purchases made for various iOS games which support them!

    In case you don't believe me, please kindly check the following links including the first one which is from Apple's own support forums!:

    Discussion on Apple Support Forum about iTunes accounts being hacked for illegal in-game App purchases
    Google search for Kingdom Conquest+iTunes Hacked(This is the main App that's causing all the trouble)
    BetaNews article
    MSNBC Article

    I confess I'm surprised that MacRumors haven't done an article on such an important story like this, especially as it would be a major PR disaster for Apple on such a scale if this got out in the wider media that Apple couldn't care less about their customers, especially after the Sony incident a few months back.

    Why can't Apple admit that the security on iTunes isn't as perfect as it could be. It wouldn't kill them to admit they're wrong for once, because at the end of the day, they're going to lose a lot of customers over this incident...
     
  2. *LTD* macrumors G4

    *LTD*

    Joined:
    Feb 5, 2009
    Location:
    Canada
    #2
    You probably don't hear about it much because it's not happening with enough frequency.

    What's with the mental sig, btw?
     
  3. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #3
    MacRumors is mostly a news aggregator in the sense they don't follow stories but cover what's already been published. If it's not published, MR generally won't have it.

    At the risk of your post sounding like trolling flamebait. Apple's corporate culture is closed and secretive. This also extends to their security initiatives.

    iTunes security compromises are a problem; to what extent is anyone's guess because of Apple's approach. It could be small, it could be great; we don't know for sure.

    Clearly the OP has a proper perspective in worshipping the creator and not a human being.
     
  4. GekiRed thread starter macrumors regular

    Joined:
    Sep 4, 2010
    Location:
    Hades aka England
    #4
    For someone who's a Mod, why would you accuse me of being a troll?

    How would YOU and the other poster like it if YOUR accounts got hacked? I bet the both of you would soon be complaining?

    So I take it 32 pages of constant complaints on Apple's own forums PLUS reports on various news websites all over the internet including PCPRO, BetaNews, MSNBC and TVNZ isn't proof enough and worthy enough to make the news on MR?

    @ LTD: My signature's supposedly mental!?! At least I don't believe in worshipping false gods, especially ones who wear turtleneck jumpers and at least I'm not a stuck-up person like a lot of the Apple Fanboys/Girls here...:D
     
  5. Bernard SG macrumors 65816

    Bernard SG

    Joined:
    Jul 3, 2010
    #5
    The way it looks, the problem seems related to dirty tricks like key-logging PCs of iTunes users to intercept their Apple IDs and passwords then make expenses that generate fake iTunes purchase receipts.
    It doesn't seem to be a Sony-style large-scale hacking operation on the iTunes system itself.
     
  6. Hellhammer Moderator

    Hellhammer

    Staff Member

    Joined:
    Dec 10, 2008
    Location:
    Finland
    #6
    Exactly. People's accounts are hacked all the time and usually it's not the service provider's fault. It's very rare that there are large-scale hackings like the Sony one you mentioned.

    It's pointless to publish an article about other people's mistakes. If they have the same password everywhere or it's easy to guess or they don't have proper anti-malware software, it's not a surprise that they get hacked. This happens all the time and iTunes or Apple isn't the only one.

    Publishing an article about iTunes being hacked would easily create mass-panic and if it ended up being false, MR would definitely lose their credibility. You need some rock solid proofs to publish an article like that.
     
  7. GekiRed, Jul 3, 2011
    Last edited by a moderator: Jul 3, 2011

    GekiRed thread starter macrumors regular

    Joined:
    Sep 4, 2010
    Location:
    Hades aka England
    #7
    You make a valid point there, but at the same time, the majority of people who've had this problem have said that they use decent Anti-Virus and Firewall software which would have easily detected anything like keyloggers easily...

    I use AVG Internet Security myself and I've not had any keylogger software detected PLUS I always run a check every day on my laptop.

    I changed my password as well as my security questions and from now on, I'll be buying any Apps via my iPod Touch even if it is inconvenient AND I definitely won't be adding my debit card details in the future again because these guys already deleted mine to cover their tracks.

    At the end of the day, I just wanted to give everyone on this board a heads-up on the whole thing because if it can happen to thousands of people all over the world, then it can happen to anybody here.

    Piece of advice: ALWAYS check your receipts as well as iTunes itself for any unexpected purchases, especially if you've added any giftcards to your account. Not only that, but be extra careful when adding details of your credit card/debit card/PayPal account as some of these hackers are stealing from those as well as stealing from giftcard amounts.

    I'm not being paranoid here (32 pages on one thread alone on Apple's forums should be more than proof enough for anybody!), but at the end of the day, I just wanted to warn everybody to be extra careful when making purchases on iTunes now and in the future...

    Finally, the receipts I got myself in my email account for the illegal purchases WERE genuine ones sent by Apple themselves PLUS the purchases themselves also appeared in my iTunes account as well.

    I can understand where you're coming from, but at the same time I'm concerned that you don't believe that I'm telling the truth even though a lot of reputable journalistic organisations have reported what's happened? I take it that it would take a report on CNN or Fox News or the BBC for MR to take this seriously? I would have thought that you would have believed the posts on Apple's forum to be proof enough, especially as the majority of the illegal purchases are all for the same game PLUS the people concerned had very good security as well on their PC's, laptops and Macs as well (Hey, hackers don't differentiate between computers when it comes to stealing from iTunes accounts as well from CC's/DC's and PayPal accounts!).

    At the end of the day, I'm disappointed that a site like this doesn't seem to be concerned with iTunes users getting ripped off as well as saying that it's their fault that they're getting ripped off when in fact it's the fault of the hackers plus iTunes' woeful security.

    In any case, Apple are taking a huge risk here not fixing what is clearly a huge breach in their security systems and if left open, it's going to cost them big and no amount of PR Damage Limitation will fix what's happened. Sure, there will be people who will still buy Apple products, but for every person who buys one, I guarantee you there will be 4 or 5 who won't buy one because they will have heard the news about what's happened with iTunes.

    I'm doing a Computer Studies degree at the moment so I know what it takes to work with computers, especially on the security side of things and one thing I do know is that these hackers are REALLY good if they can penetrate Apple's security systems and cover their tracks with ease for the most part!
     
  8. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #8
    I didn't accuse you of being a troll. I said your post was possibly sounding like trollish flamebait. A far cry from insulting you.

    My main point is that Apple's secretive policies hinder any good information with regard to the depth and breadth of any possible iTunes hacking problem.
     
  9. Rodimus Prime macrumors G4

    Rodimus Prime

    Joined:
    Oct 9, 2006
    #9
    No more it puts Apple in a negative light. You for example will post stuff and scream bloody murder on things that affect a very few people and yet not accept that reason as one to put it down.

    That being said I believe most if not all the accounts were compromised by phishing.
     
  10. Apple OC macrumors 68040

    Apple OC

    Joined:
    Oct 14, 2010
    Location:
    Hogtown
    #10
    probably hacked by someone you know ... do you have any little brothers?
     
  11. *LTD* macrumors G4

    *LTD*

    Joined:
    Feb 5, 2009
    Location:
    Canada
    #11
    Well if it isn't happening to the degree that it's worth reporting about all over the place, then it doesn't put Apple in any light at all. It just doesn't really register on the radar. If it's something serious and pervasive you'll hear about it. The media loves Apple stories.
    I have no idea what you're talking about here.
     
  12. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #12
    Keyloggers are not malware and will not be detected by most antivirus as such. You can't get a keylogger on Mac OS X unless you install it yourself, or give access to your computer for someone else to install it. Antivirus is not needed to protect Mac OS X from malware; only some education and common sense. Having passwords stolen does not point to malware, as there are many other methods by which passwords can be compromised. Nor is it necessarily a failing of Apple or its products if a password is stolen.
     
  13. 42streetsdown macrumors 6502a

    42streetsdown

    Joined:
    Feb 12, 2011
    Location:
    Gallifrey, 5124
    #13
    Apple won't admit they're wrong. Because (most likely) they aren't. This is a situation where users have unwittingly 'given' their info away. Apple does what it can to help users make strong passwords (minimum character limits and requiring numbers, etc), but in the end it's the user's responsibility to keep themselves protected. Don't reuse passwords all over the web. http://xkcd.com/792/

    According to Wikipedia keyloggers are malicious software (malware), and I would tend to agree.
     
  14. neiltc13 macrumors 68040

    neiltc13

    Joined:
    May 27, 2006
    #15
    The problem is that the simple username/password combination is no longer suitable for use on any online service. "Hackers" have shown that it is far too easy to exploit and they are right.

    I have been very impressed with Google's two step authentication feature since it was added a few months ago. Basically, you tie your Google account to your smartphone, mobile phone or home telephone and when you try to log in on a new computer, it sends a text message or calls you on the number you gave when you signed up, and gives you a code. If you have an iOS or Android device there is an application which can generate a code without the need for SMS or a call.

    You enter the code on the website within a certain time limit and you are logged in.

    This way even if a hacker finds out your password they still cannot access your account unless they also have your phone.

    A similar system has been deployed by Steam - if you log in on a new computer, it sends a code via email which you must enter before you are allowed to log in.

    Understandably, these sorts of things are costly to develop, so until a better solution comes along this will be limited to big organisations. I'd love to see the day when the username/password combo is gone for good.

    That said, Apple surely has the resource available to implement something like this. If it is serious about cloud computing, and wants users to trust it with their data then it better implement something like this soon.

    I would never switch from Google to a provider which didn't offer this level of security.
     
  15. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #16
    A keylogger isn't malware in and of itself any more than a hammer is a weapon in and of itself. While both can be used for sinister purposes, they were designed for legitimate uses.
     
  16. 42streetsdown macrumors 6502a

    42streetsdown

    Joined:
    Feb 12, 2011
    Location:
    Gallifrey, 5124
    #17
    While I get what you're going for I still disagree. Keyloggers are designed to obtain keystrokes without the knowledge of the user. While this can be used for legitimate purposes like law enforcement it is still an inherent violation of privacy. Seems pretty malicious to me.
     
  17. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #18
    They can also be used by parents to supervise children, for computer owners to track what others do with their computer in their absence, etc. They're not only used for malware.
     
  18. Rodimus Prime macrumors G4

    Rodimus Prime

    Joined:
    Oct 9, 2006
    #19
    They originally were more made to guard company secrets and what not and when you were on a company computer you knew you were being logged on everything you do.
    Sadly they also got used for malicious purposes.
    Writing a keylogger is a cake walk to do and any script kiddy can write one. I know I have a majority of the code on hand to write one left over from a class project. It would not take much for me to add the little bit to scream all the information to a text file and record every keystroke.
     
  19. *LTD*, Jul 3, 2011
    Last edited: Jul 3, 2011

    *LTD* macrumors G4

    *LTD*

    Joined:
    Feb 5, 2009
    Location:
    Canada
    #20
    I just post news that's picked up by the media, and the problems reported are usually indicative of very real problems with the subject being discussed. It's often not very complimentary to the particular non-Apple target. Not my fault. It's the state of the industry.

    Let's go "threw" each one up top. I've just bolded my answers.
     
  20. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #21
    No need to scream... we can hear you just fine! :D
     
  21. Rodimus Prime macrumors G4

    Rodimus Prime

    Joined:
    Oct 9, 2006
    #22
    Yeah I do not bother buying it.

    I just posted an example. Not that I expected you to agree with it at all. If I really felt like it I could go threw and start finding your posted of these stuff but threads make a great example.
    As for the HTC phone you only corrected it after several of us pointed out the error. I am willing to bet if no one pointed it out it would have gone down with your standard bashing.

    Like I said you are an example of someone who will scream bloody murder on a small number. I would never expect you to post something like the iTunes hacking and honestly find your defense of it funny.

    I wrote off the iTunes account hacking as phishing. Sad part is, unlike all the other companies that have been targeted by phishing campaigns, Apple has failed to do any standard announcement and email saying stuff like that. My small credit union made a point of sending out emails when another credit union was hit by a phishing target that had NOTHING to do with my credit union.
    Apple should send out an email saying "Hey we were targeted by phishing...standard stuff after that."
    Generally the people who get hit by phishing really could use that announcement to remind them of Apple policies. They are not exactly the sharpest tools in the shed when it comes to computers and the internet.
     
  22. *LTD* macrumors G4

    *LTD*

    Joined:
    Feb 5, 2009
    Location:
    Canada
    #23
    I didn't agree with them, not only because they were all wrong, but also because they made no sense contextually.
     
  23. GekiRed, Jul 4, 2011
    Last edited by a moderator: Jul 4, 2011

    GekiRed thread starter macrumors regular

    Joined:
    Sep 4, 2010
    Location:
    Hades aka England
    #24
    Just thought I'd give you guys an update concerning my hacked account and getting a refund:

    Just over 24 hours after I got in contact with Apple on Saturday, I received an email yesterday from a very friendly CSA by the name of Jessica who even apologised for not getting in touch with me within 24 hours.

    She said that she'd be more than happy to take control of my case and she authorised a refund of the amount that I lost. I've also given her the necessary details to re-enable my account as well.

    I'm not bothered about waiting for a refund, but it's definitely made me wary about buying stuff via iTunes on my PC and instead using my iPod Touch to buy them using giftcards and not using a debit card for purchases.

    From the sounds of things, I have a feeling that she's had to deal with quite a few of these cases if she had no problem giving me a refund, no questions asked.

    In the meantime, as I said before, I urge everybody to check their accounts when possible as well as change their passwords and security details because it's better to be safe than sorry at the end of the day.

    I don't have any siblings at all, and I don't have anybody else living with me except for my dog. That, plus I use a secure password on my laptop AND I always lock it when in use.

    Also, I rarely take my laptop out of my home with me, except for university and even then, university has already finished for the year plus I only take it with me in term time, every so often as there's so many computers in all the campuses and LRC's (Learning Resource Centres)

    On another note, it's a crying shame that LTD had to hijack a thread like this where I was trying to warn people about what was happening to people's accounts and that.

    I just hope that what happened to me and countless others doesn't end up happening to him, because it would truly be an ironic case of Schadenfreude indeed.
     
  24. *LTD* macrumors G4

    *LTD*

    Joined:
    Feb 5, 2009
    Location:
    Canada
