iTunes security leak

Discussion in 'Mac Apps and Mac App Store' started by stolencc, Mar 15, 2008.

  1. stolencc macrumors newbie

    Joined:
    Mar 15, 2008
    Location:
    Belgium
    #1
    Hello people,

    since I have been victim of fraud on my credit card after using it with
    iTunes, I decided to share my experience with you in order to find out
    if there are any other cases like mine out there. As Apple is not liable for
    eventual security breach, I believe it is necessary to warn all the
    iTunes users that their credit card info might be NOT SAFE ENOUGH.

    My unfortunate story started when, after buying a brand new iPod
    shuffle, I also decided to buy some music on the iTunes store.
    I did not even ask myself the question whether or not it is safe to
    put on my iTunes account my credit card info because I thought: "if
    millions users just use it, why should I have problems?". Therefore,
    even though I never put my credit card info on any web site, I decided
    just to do it this time. That day I bought several songs and I
    actually enjoyed it as it was pretty easy and straightforward.

    The bad surprise came up a few days later when I found out by checking
    my on-line statement that someone used my credit card to buy gift
    cards somewhere. They spent 2600Euros (currently about $4000
    US dollars) in a few hours while I was enjoying listening to my new songs.

    I instantly reported a fraud to my credit card company and to the
    local police. However, due to a stupid policy of my credit card
    company, they charged me all that money on my account. They started an
    investigation and they will give me back the money only when it will
    be finished (it takes months).

    You may understand my frustration: I bought a few songs for a few
    euros and people stole my info and had fun with my money. My question
    is: who is responsible for all that? All my reasonings bring me to the fact that there might be a security breach in iTunes and million of users' personal information could be under threat.

    I say so for the following reasons:
    1) I did not use that credit card ANYWHERE ELSE in the past 6 months.
    2) Frauds started a few minutes after my purchases on iTunes.
    3) I have a router that protects my network and my PC is ALL THE TIME
    virus/spyware free.

    I reported my story to the APPLE customer service. Although they are
    very kind, they pretend not to understand there might be a security
    leak in iTunes. Of course, even if there was, they would not tell me and they are not responsible and liable (as specified in the iTunes terms and
    conditions).

    This is the protection that APPLE reserves to their
    customers in these cases: NONE. The only real protection we users have is either not to use it at all or not to save your credit card info in there.

    If you really want to keep using iTunes, well, be careful and good luck.

    I look forward to hearing your opinion.

    Ciao,

    Vito
     
  2. TheSpecialist macrumors 6502

    Joined:
    Jun 11, 2007
    Location:
    The Netherlands, Europe
    #2
    I think you might be right.

    About a week ago I bought 2 songs on iTunes, my iTunes account is linked to ClickandBuy, which links it to my Dutch bank account (Postbank). Afther I ordered the 2 songs. I suddenly got another bill that I bought something worth 31,98 euro. I have told them I did not buy anything. But they didn't believe me and now I have to pay 31,98, plus 30 euro's for administration costs:mad::mad::mad::mad: nice, 2 songs for only 61,98!
     
  3. marykay9507 macrumors 6502a

    marykay9507

    Joined:
    Jan 18, 2008
    #3
    That is pretty scary-- glad I just use gift cards! Hopefully all will work out in the end for you-- anyone else have this issue? Where are you from if you have?
     
  4. stolencc thread starter macrumors newbie

    Joined:
    Mar 15, 2008
    Location:
    Belgium
    #4
    Here comes another one

    Hello specialist!

    Sorry to hear you are part of the iTunes based frauds.
    In 1 week I am sure we will be able to make a top ten:
    who lost more money with iTunes?

    Come on guys, I want to make an article after listening to all your stories.
    They cannot get off cheaply.

    Ciao,
    Vito
     
  5. cbrain macrumors 65816

    cbrain

    Joined:
    Dec 9, 2006
    Location:
    North-East, UK
  6. stolencc thread starter macrumors newbie

    Joined:
    Mar 15, 2008
    Location:
    Belgium
    #6
    Hello cbrain,

    Thank you for your contribution. In case you had more details on your friends' story or your friend would like to be involved directly, just contact me.
    I would very much appreciate that.

    Ciao,
    Vito

    Hello marykay,

    I believe gift cards is definitely the safest way to buy on-line, but also the most inconvenient as you need either to buy them physically somewhere or ask someone to make you a present.

    The point here is the following: why do we have to be afraid to put our credit card on an iTunes account...come on!!! Apple is supposed to be between the most innovative, smartest and coolest companies in the world, and they are not able to keep our personal data SAFE enough.
    This is unacceptable and I am going to fight till when they will wake up.

    Thank you,

    Vito
     
  7. marykay9507 macrumors 6502a

    marykay9507

    Joined:
    Jan 18, 2008
    #7
    I was unfortunately a victim of identity theft, so I am VERY careful with my one credit card! They actually sell iTunes gift cards right at the supermarket down the street, so if I am in the mood while I am shopping, I will pick one up!
     
  8. aethelbert macrumors 601

    Joined:
    Jun 1, 2007
    Location:
    Chicago, IL, USA
    #8
    I agree, gift cards are the way to go. They're safer and they also keep you from buying on impulse.
     
  9. seeker777 macrumors member

    seeker777

    Joined:
    Oct 15, 2007
    #9
    I have only ever used gift cards. Not only is it safer, akonradi is right about budgets, I allow myself one $15 card per month to control my iTunes habit.
     
  10. wvuwhat macrumors 65816

    wvuwhat

    Joined:
    Sep 26, 2007
    #10
    Hope I never have to deal with this. I'm worried about having my Amex linked to anything, but Amex seems to be a good company (highly recommend). Hope you are able to get things taken care of, but sometimes sh*t happens, ya know. Good luck. It's just too convenient for me to have my credit card linked, because of the fact it's one click and done.
     
  11. watermelon macrumors regular

    Joined:
    Feb 9, 2008
    Location:
    NYC
    #11
    I just use limewire
    1) its free
    2)i have almost 1k songs in my library...thats 1k$ saved
    3) no credit card info given
    4) its not illegal / gives you viruses like many say
     
  12. stolencc thread starter macrumors newbie

    Joined:
    Mar 15, 2008
    Location:
    Belgium
    #12
    Dear Watermelon,

    LimeWire is indeed a legal software, but it is illegal for you to use LimeWire to share copyrighted files without permission (also specified in its copyright information page).
    My shock value observation at this point is: it is safer to get illegal music from such places than buying it on iTunes. AND THIS IS RIDICULOUS!!

    Dear wbuwhat,

    at this point I believe it is just a matter of luck. If a company like Apple is not able to secure their millions customers' personal information, and, most importantly, they just don't care, we do have a problem here. Because today it is me possibly losing $4000, tomorrow could be anybody.
    Of course, in my personal situation, the credit card company is putting the load. But that depends on the laws from country to country.

    Vito
     
  13. TheSpecialist macrumors 6502

    Joined:
    Jun 11, 2007
    Location:
    The Netherlands, Europe
    #13
    I will be definatly buying iTunes gift cards from now on. For the few songs I buy. I kinda ticks me off, I have 7000+ free downloaded songs on my computer. So I got a few songs I couldn't download, so I bought them, and then this happens.

    It truly pays to get legal songs:eek::confused:
     
  14. Daveoc64 macrumors 601

    Joined:
    Jan 16, 2008
    Location:
    Bristol, UK
    #14
    Is this just an issue in Belgium?

    I note that the posters seem to be coming from Belgium.

    I added my debit card (and the 3 or 4 I have had since then) to iTunes the day it opened here in the UK (June 15th 2004) and have spent over £1000 since then without issues.
     
  15. stolencc thread starter macrumors newbie

    Joined:
    Mar 15, 2008
    Location:
    Belgium
    #15
    Hello Dave,

    I believe/hope your experience is likely the most common all over the world. The fact here is that my experience suggests to be very careful with credit cards on iTunes and definitely requires thinking over on the security capabilities of this software. I will not have my money back by posting my experience on this forum, but at least I can warn you all guys that THERE IS SOMETHING WRONG and to voice my opinion on the fact that in such cases a USER HAS NO RIGHTS!! Not even the right to ask what happened. And I believe this is unacceptable.
     
  16. TheSpecialist macrumors 6502

    Joined:
    Jun 11, 2007
    Location:
    The Netherlands, Europe
    #16
    No I am from The Netherlands (country above Belgium), and have heard a person with the same issue on World of Warcraft, which was from the UK.

     
  17. TheSpecialist macrumors 6502

    Joined:
    Jun 11, 2007
    Location:
    The Netherlands, Europe
    #17
    Great, I called ClickandBuy, and I refused to pay the money because I didn't buy anything. Now I have to pay another 30 euro's, which makes my costs 91,98.

    Jusssst great.
     
  18. Eraserhead macrumors G4

    Eraserhead

    Joined:
    Nov 3, 2005
    Location:
    UK
    #18
    I suspect the fraud isn't to do with iTunes and simply that your computer has a keylogger on it ;), especially if you are running Windows.

    To be honest assuming this was present: Picture 7.png the connection is secure, so it is virtually impossible to be hacked. The odds of Apples system being hacked are also vanishingly small.

    Even if you are on a Mac the odds of it being a problem with your computer are several orders of magnitude more likely than a problem with Apples system or the communication between your computer and the server.
     
  19. TheSpecialist macrumors 6502

    Joined:
    Jun 11, 2007
    Location:
    The Netherlands, Europe
    #19
    Lol ofcourse it would be IMPOSSIBLE that the problems lies at Apple:confused: there is 150% sure that my computer doesn't has a keylogger on it, it's kinda coincedence that this happens afther I order songs from iTunes, and in the past before that never had any problems concerning other accounts on the internet.
     
  20. Eraserhead macrumors G4

    Eraserhead

    Joined:
    Nov 3, 2005
    Location:
    UK
    #20
    Yes, because its a commercial system, which will have been designed from the ground up with security in mind, and there will be multiple levels of firewall, etc. etc. It would be an extraordinarily serious issue is this was found at Apples end, and the loss of reputation to them would be extremely severe.

    The people creating the iTunes will be leading experts in the security field and will have had years of experience creating similar systems. Frankly the entire online economy is based on payment systems like iTunes'.

    How do you really know? Have you checked you haven't got a rootkit?
     
  21. TheSpecialist macrumors 6502

    Joined:
    Jun 11, 2007
    Location:
    The Netherlands, Europe
  22. zainjetha macrumors 6502a

    Joined:
    Aug 11, 2007
    #22
    I love apple and have thousands of their products and will buy many more in my lifetime however i dont see why there is supreme image that apple cant make mistakes in their system... i highly doubt it but they should not be seen as 100000000000000000000% pure gold.... every system has flaws, its just that big shiny apple logo on the back of your iphone that looks so good it mesmerizes you into thinking that everything about apple is perfect...
     
  23. Eraserhead macrumors G4

    Eraserhead

    Joined:
    Nov 3, 2005
    Location:
    UK
    #23
    They'll have multiple levels of firewalls, hardware and software, which are enterprise level. Also the machine will be running with the absolute minimum permissions to do what it needs, which will be significantly lower than the default for OS X, which are lower than for Windows.

    And that's just the web server, the database, which stores your credit card details, will be behind at least 1 and almost certainly at least 2 further layers of security. There are also probably further security measures that I am unaware of.

    They can have a security breach, its just the odds are several orders of magnitude lower than some random person on the internet having a security breach, however "good" they think their security is.
     
  24. stolencc thread starter macrumors newbie

    Joined:
    Mar 15, 2008
    Location:
    Belgium
    #24
    Hello Eraserhead,

    Let us assume my poor XP based PC has kind of breach. I suppose someone could have stolen my second credit card details, my bank account passwords and much more as long as they were there. It did not happen. In this case I should consider myself a lucky man with only 2600Euros less in my pocket.
    What I believe simply happened is that during a transaction to buy 2 songs on iTunes some crooks managed to intercept my data taking advantage of a iTunes bug that nobody knows yet and that is definitely likely in millions lines of iTunes code. It is not a matter of firewalls/router/security measures anymore.
    Let us assume that according to the Apple security studies there is 1 out 100000 probabilities they can make a mistake in the iTunes software that makes it vulnerable. Well, why do they not tell me in advance so I can choose at my risk to share my data or not. Yet, if there is only such a low probability, why they do not offer ANY PROTECTION AND SUPPORT to the few unlucky ones? It would not be that expensive for them.

    They just pretend that everything is fine. But IT IS NOT. On top of that, they do not offer you any kind of support. Who pays at the end (as usual) is the weakest ring in the chain, i.e. the user/buyer who believes and loves APPLE products (like zainjetha) just because they are cool.
    What I am here for is to warn you people to be very careful with iTunes.
     
  25. balamw Moderator

    balamw

    Staff Member

    Joined:
    Aug 16, 2005
    Location:
    New England
    #25
    You have no direct evidence of this, despite plenty of evidence to the contrary. It's unfortunate that your card was hijacked, but think about this. Why you?

    If there was such a huge hole in iTunes security wouldn't the thieves be more likely to take 1 euro/month from everyone with a credit card on iTunes rather than 2600 euro from you?

    This kind of credit card fraud is usually a crime of opportunity. The last time my card was hijacked (it has happened twice), the thieves bought $4000 of jewelry in Asia. Within half an hour the credit card company had contacted me and issued new cards. In that case I suspect a hand skimmer was used to duplicate the card when I used it at a reputable restaurant a week earlier.

    B
     

Share This Page