• Your favorite

    Apple

    ,

    iPhone

    ,

    iPad

    ,

    iOS

    ,
    Jailbreak
    , and
    Cydia
    site.
  • Unknown Hack Attacks Continue to Pilfer iTunes Accounts


    According to an expanding number of complaints from iTunes customers, mysterious account hacks are responsible for vanishing gift card money that, presumably, can be chalked up to theft.

    The latest wave of complaints suggests that Apple still has progress to make when it comes to limiting the damage that can be done by hackers determined to access accounts by unlawful methods, change the login credentials, and then steal any available funds linked to the account.

    For now, Apple is sticking to its usual speaking points which acknowledge that the company "takes precautions to safeguard your personal information against loss, theft and misuse, as well as against unauthorized access, disclosure, alteration and destruction." But it remains to be seen exactly what Apple will do in the months ahead as a growing number of iTunes customers say they are experiencing everything from unauthorized app purchases to fraudulent credit card and PayPal charges.

    According to Ty Miller, chief technology officer at Pure Hacking, Apple needs to do more than just refund violated customers as a way to to remedy these unfortunate situations.

    "Either Apple has accepted the risk of the fraudulent transactions and they're happy to reimburse the money because it may cost a lot more to fix then they're actually losing. [Or] there is an inherent flaw in the way they have created the gift card numbers and it would take a serious overhaul of their systems to change how that actually works," Miller says.

    Sources: CNET, Apple Insider
    This article was originally published in forum thread: Unknown Hack Attacks Continue to Pilfer iTunes Accounts started by Michael Essany View original post
    Comments 19 Comments
    1. bleucrayonz's Avatar
      bleucrayonz -
      hmmm... could this be why my icons keeps getting rearranged everytime i sync to my itunes? this is not good for a person who has been diagnosed with OCD.
    1. KraXik's Avatar
      KraXik -
      Quote Originally Posted by bleucrayonz View Post
      hmmm... could this be why my icons keeps getting rearranged everytime i sync to my itunes? this is not good for a person who has been diagnosed with OCD.
      Springtomize 2 will save your icon layout.
    1. c0dy's Avatar
      c0dy -
      So gift card money is the only thing at risk? And what are they doing, transferring the gift card money somewhere else or buying stuff? Is this just a case of people using bad passwords?
    1. prodigy's Avatar
      prodigy -
      lulz
    1. rocky5's Avatar
      rocky5 -
      Mine got hacked last year, (just after itunes was hacked) they cleaned my bank account out buying 31X 10 Giftcards, you know what the so great apple said, we wont reimburse me you need to contact your bank & there is nothing we can do, they also said they locked my account & to change my password

      So the thieving scumbags got Giftcards & Apple got the money, there just as bad as the thief's.

      only thing I can think of, as I purchase all apps on the device, is that it's an app faking in app purchases or something, Hipstamatic used to ask me for my password even though I never bought anything, I never though anything about it till I was hacked a few weeks later.
    1. RoloDiva13's Avatar
      RoloDiva13 -
      Quote Originally Posted by rocky5 View Post
      Mine got hacked last year, (just after itunes was hacked) they cleaned my bank account out buying 31X 10 Giftcards, you know what the so great apple said, we wont reimburse me you need to contact your bank & there is nothing we can do, they also said they locked my account & to change my password

      So the thieving scumbags got Giftcards & Apple got the money, there just as bad as the thief's.

      only thing I can think of, as I purchase all apps on the device, is that it's an app faking in app purchases or something, Hipstamatic used to ask me for my password even though I never bought anything, I never though anything about it till I was hacked a few weeks later.
      So, you never got a refund at all??
    1. bootlegskate's Avatar
      bootlegskate -
      $46 dollars worth of purchases were used from my paypal account which is linked to my apple ID.
      Such a PITA to deal with.
    1. rocky5's Avatar
      rocky5 -
      Quote Originally Posted by RoloDiva13 View Post
      So, you never got a refund at all??
      I did but weeks later from my Bank (fraud section), Apple just refused point blank to do anything bar lock my account, you cant even transfer your content to a new account :@
    1. ibivibiv's Avatar
      ibivibiv -
      Quote Originally Posted by bootlegskate View Post
      $46 dollars worth of purchases were used from my paypal account which is linked to my apple ID.
      Such a PITA to deal with.
      Same here only it was about $300 with of apps/music. The worst part was it was all this Chinese garbage. Thankfully Paypal caught the unusual activity and froze the account. I wonder how long Apple would have let it go? I asked Apple point blank if they didn't find it odd that suddenly a Chinese originated device started charging up a storm of Chinese apps/music on my account while I was obviously still active on that account here in the US. This seemed to be a magical feat that they were incapable of logging and/or freezing an account over. Thank You paypal for having a brain. This was the ONLY time I could say I was disappointed with Apple customer service.
    1. dvill23's Avatar
      dvill23 -
      this happened to me!

      this happened to me, one day i couldn't update apps my password was changed and my gift card credit was completely gone
    1. teej1410's Avatar
      teej1410 -
      Yep this happened to me too. Not as bad as the others but I found one app that was $24.99 that I didn't even purchase in my receipt.
    1. jOnGarrett's Avatar
      jOnGarrett -
      Here's a tip for you all that Ive used for nearly a decade and have NEVER had any issues.

      USE A PREPAID CREDIT CARD NOT YOUR REAL ONE !!

      keep $2 or $3 dollars on it, load up with more when I plan to use it. with Netspend (the one I use) you can keep a ZERO balance on it for a year without having to reload it.
    1. domenicp's Avatar
      domenicp -
      Quote Originally Posted by rocky5 View Post
      Mine got hacked last year, (just after itunes was hacked) they cleaned my bank account out buying 31X 10 Giftcards, you know what the so great apple said, we wont reimburse me you need to contact your bank & there is nothing we can do, they also said they locked my account & to change my password

      So the thieving scumbags got Giftcards & Apple got the money, there just as bad as the thief's.

      only thing I can think of, as I purchase all apps on the device, is that it's an app faking in app purchases or something, Hipstamatic used to ask me for my password even though I never bought anything, I never though anything about it till I was hacked a few weeks later.
      Don't think any app should be asking for your password unless your making a purchase... So that's suspicious... If that's the case and this was an app store app, I would think you have a good case for reimbursement from Apple.
    1. Norb's Avatar
      Norb -
      Curious, to the people who this happened to... was your phone jailbroken? If it was did you ever change your root password from 'alpine'?
    1. Sanady361's Avatar
      Sanady361 -
      Yikes, I had a gift card balance disappear.. I thought it just expired.
    1. rocky5's Avatar
      rocky5 -
      Quote Originally Posted by Norb View Post
      Curious, to the people who this happened to... was your phone jailbroken? If it was did you ever change your root password from 'alpine'?
      Yes & yes, always been JB'n since the first safari JB (long time ago)
    1. teej1410's Avatar
      teej1410 -
      Quote Originally Posted by Norb View Post
      Curious, to the people who this happened to... was your phone jailbroken? If it was did you ever change your root password from 'alpine'?
      I don't remember if my iPod was jailbroken at the time but all I can say is my root password was changed ever since I installed openSSH.
    1. tomdotcom's Avatar
      tomdotcom -
      Going back to the main article, do we know how people's accounts are getting hacked? Are they actually being accessed through an exploit or are users being phished? It would be nice to know how they operate so we can avoid becoming victims.
    1. PatrickGSR94's Avatar
      PatrickGSR94 -
      This is still happening, and it seems to be increasing. There is a huge thread on the Apple iTunes for Mac discussion forum, up to 92 pages now, that was started in November 2010. Almost 25% of the replies have happened in the past month. Simply Google "itunes account hacked" and it's the first link that comes up.

      The fact is that these hackers appear to be targeting accounts with store credit, changing or removing payment information (credit cards and PayPal accounts), and then draining the accounts dry of the store credit, leaving about $1 or less in them. In almost all cases, some free app is downloaded (either Chinese or other apps in Asian languages, role-playing apps like Kingdom Quest or Galaxy Empire, or gambling apps like various Poker apps), and then in-app purchases are made for game or gambling credits. Due to the similarity of all these reports, I find it highly unlikely that these are just random occurrences happening to people with weak passwords.

      One user had his account hacked, despite having extra-strong cryptic passwords, and never purchasing apps or otherwise using iTunes other than on his own 2 computers that also had high levels of security. Another user has had his account hacked 3 times now, despite always using cryptic passwords.

      What's also disturbing is that most people receive an e-mail from Apple saying a device not associated with their account had been used to make these purchases, yet Apple still allowed the transactions to go through without additional verification. They know it's happening, but don't seem to be doing anything about it. Yes, many people have gotten their money refunded, but they also say it's a "one-time" thing as it violates their Terms and Conditions, which in not so many words makes them sound like they thing the customers are at fault, which is NOT the case. Maybe Apple has an employee that has leaked information that led to these breaches, or maybe it's some software like the "Apple Hack" software mention on page 77 of that thread.

      This has to be an issue with Apple security. It seems to me that increasing security protocols that deal with authorizing devices to make purchases on an iTunes account would go a LONG way to resolving this issue.