So my iTunes account got hacked and I lost $300 worth of iTunes credit.

Discussion in 'Community Discussion' started by Kendo, Feb 24, 2012.

  1. Kendo macrumors 68000

    Joined:
    Apr 4, 2011
    #1
    The good news is that one call to Apple and I was able to recover the lost funds. The bad news is, I have absolutely NO IDEA how this could have happened. Yesterday morning I received an interesting text on my iPhone saying that I made a purchase on another iDevice and that I could sync up my purchases if I go into my settings. This isn't anything unusual. What is unusual is that my iPhone is my only iDevice.

    I check my email and received a purchase confirmation for an app that has a Chinese name (the actual app was named in Chinese characters). I immediately thought the worst and figured someone overseas hacked into my account. A quick call to Apple led me to their security department and they confirmed that someone made 3 separate $100 transactions. It turns out it was an in-app purchase (probably in-game money for some MMORPG type of game based on the app icon).

    The rep assured me that I would get all my credit back and I already got the confirmation email for the credit to my account, but what is really freaking me out is how did they hack into my account? Thankfully my email password is not the same as my iTunes password and there is no credit card linked to my account, but my password for all intents and purposes is unbreakable if someone were trying to hack it by guessing. It is an illogical combination of numbers and letters that do not even spell a word.

    This has me concerned because now I am questioning my online security. I've already changed my email password and removed all saved credit cards on shopping websites like Amazon. I received a few iTunes gift cards for Christmas and the only purchases I made were a few iTunes songs through my MacBook Air which is connected to my password protected Wi-Fi router. I did a quick Google search and it looks like a number of people had the same problem as me. Could this be an inside job within Apple? I just can't seem to figure out that 1) not only do they need to guess my password but 2) they need to figure out my Apple username to link it to and 3) they must have targeted my account since they saw it had a lot of store credit but how would they have known?
     
  2. miles01110 macrumors Core

    miles01110

    Joined:
    Jul 24, 2006
    Location:
    The Ivory Tower (I'm not coming down)
  3. Kendo thread starter macrumors 68000

    Joined:
    Apr 4, 2011
    #3
    To give you an example of what my previous password was like, it was something like this: $4Ko3!&H8SDd2n%
     
  4. neiltc13 macrumors 68040

    neiltc13

    Joined:
    May 27, 2006
    #4
    The problem is we all want this great convenience, but it comes at the expense of security. I just think it is ridiculous that it is legal for an online store to retain your debit/credit card information on file. If they didn't we could avoid problems like this.

    Many people will make less purchases from iTunes than they do their local supermarket. But can you imagine if you went to the checkout in the supermarket and the cashier said "no need to give me your card sir, I have a copy of it right here from the last time you visited"?
     
  5. GoCubsGo macrumors Nehalem

    GoCubsGo

    Joined:
    Feb 19, 2005
    #5
    No ****, you think? :rolleyes:

    OP, its great you're getting your money back. Be certain to change all passwords and continue to change them monthly at a minimum.
     
  6. miles01110 macrumors Core

    miles01110

    Joined:
    Jul 24, 2006
    Location:
    The Ivory Tower (I'm not coming down)
    #6
    Then your account recovery options were weak.
     
  7. neiltc13 macrumors 68040

    neiltc13

    Joined:
    May 27, 2006
    #7
    Or the same password was used on another site that was compromised.
     
  8. Kendo thread starter macrumors 68000

    Joined:
    Apr 4, 2011
    #8
    As I mentioned in the OP, my password is an illogical combination of numbers and lower and upper case letters like 4$6JuOm24%Di*.

    It also doesn't make sense that they figure out my Apple ID to link to the password.

    ----------

    Now THIS I can definitely work with. Thanks for the suggestion. I will see what all of my account recovery options are.

    I never use the same password for any website.

    I appreciate all of the input guys.
     
  9. rdowns macrumors Penryn

    rdowns

    Joined:
    Jul 11, 2003
    #9

    That is not considered a strong password, let alone unbreakable. A strong password should have a mix of letters (an upper case one or two is better), numbers and punctuation and should be at least 8 characters. YOu can also use spaces in them if you wish.
     
  10. Kendo thread starter macrumors 68000

    Joined:
    Apr 4, 2011
    #10
    Well I tried the password recovery option at Apple and the hacker would still need to access my email in order to get the password sent to them. Not only that, but by using the recovery option, it would reset the password which wasn't the case with my account. Someone got in using my password.

    What you just suggested above isn't any different than what I wrote and used as my password. As I mentioned, my password is an illogical combination of numbers and letters (mix of letters and numbers and punctuation that you also suggested).
     
  11. MorphingDragon macrumors 603

    MorphingDragon

    Joined:
    Mar 27, 2009
    Location:
    The World Inbetween
    #12
    This actually has a hint of truth to it. The best is actually a phrase AND at least one uppercase AND a number AND a symbol. It makes it harder for Rainbow tables and to perform dictionary attacks.
     
  12. steviem macrumors 68020

    steviem

    Joined:
    May 26, 2006
    Location:
    New York, Baby!
    #13
    Yes, a million times yes.

    I was going to post this when I saw this. While no password is truly infallible. A phrase will take much longer to crack.
     

Share This Page