Conflicting Stories About iTunes Thefts

[Paul Daniel Ash]

Numerous reports of iTunes users being hit with unauthorized charges in the hundreds - or in some cases, thousands - of dollars to their PayPal accounts have raised concern and spread confusion in recent days. There's no clear information about how the thefts were carried out, with some speculating that there is a security hole in iTunes and others - particularly Apple - saying it's just an everyday phishing attack. However, questions remain as to why only linked iTunes and PayPal accounts are being hit.

Similar thefts, specifically targeting iTunes customers who use PayPal as their payment method, have been going on for a year or more. A report in the San Jose Mercury News "Action Line" over the weekend was picked up by TechCrunch, who passed on the story of one user who was charged $4,700 US for a bunch of 10000 packs of "Dragon Crystals" for the CastleCraft game. Searches of Twitter and Facebook turned up a number of reports of similar thefts, prompting worries about a major scam underway.

Apple and PayPal were initially blaming each other for the problem. A number of observers later made statements to the general effect that users were dumb and falling prey to phishing emails, with John Paczkowski at the Wall Street Journal's DigitalDaily passing on what his Apple sources told him: "iTunes has not been compromised and the company isn’t aware of any sudden increase in fraudulent transactions." Leaving aside the fact that of course Apple would say that, no one definitively knows the source of the attacks and it's not necessarily reasonable to conclude that there's no problem with iTunes. (That's sort of the goal of hacking: you're not supposed to know when it's happening to you.)

If the problem was that people's PayPal accounts were being hacked, then we'd be seeing other charges made at different places, not just at iTunes. If people's iTunes accounts were compromised, on the other hand, then it wouldn't necessarily just be those who pay through their PayPal accounts who were being robbed. The reports to date would suggest that there is something in the linkage between iTunes and PayPal that's being exploited.

A PayPal spokesperson told TechCrunch's Erick Schonfeld that "unauthorized charges sent through PayPal are being reimbursed." Apple, for its part, is telling people who have been robbed that they should change their passwords.

Source: TechCrunch

[dq13]

this happened to me about 2 years ago, but it was to my credit card, not paypal, it was about 500 bucks! (BANK GAVE ME THE $$ BACK)

[iLoveWindows&iPhone]

Apple "change your password".....Classic Apple!!

[frail1]

this happened to me a month or two ago, but it was my debit card linked to itunes. I have never given my info out to a phishing scam so I'm pretty sure it's itunes.

[Shishir G]

how obvious apple would say that.
you lose 5,000 dollars, whats their response? NEXT TIME, change your password!

[domaid]

this happened to me a month or two ago, but it was my debit card linked to itunes. I have never given my info out to a phishing scam so I'm pretty sure it's itunes.

The whole point of phishing is to make you think you are putting your details in to a legitimate site so you could have without realising it.

[kstone2274]

Man paypal is so terrible anyone who uses it is a fool

[frail1]

The whole point of phishing is to make you think you are putting your details in to a legitimate site so you could have without realising it.

yeah, i get that but i have never put my itunes account info into anything EXCEPT itunes.

[Dizi]

Don't store your payment info in your iTunes account. Problem solved.

[priezti]

They must have been holding their keyboards wrong when using iTunes :-|

[Fallguy]

Man paypal is so terrible anyone who uses it is a fool

I guess then you mean dont use Ebay also?

[unison999]

My theory points to Apple iTunes.

#1 there were problems with iTunes card being sold for pennies on the dollar, apparantly someone figured out the algorithem. You do not just randomly figure this out, you must have something to go off of. So my guess is they got into iTunes, got the info and generate their own itunes gift cards. Odds are they also grabbed some user info as well.

#2 after the iTunes cards were revamped to fix the gift card problem this new problem starts, so it points to the same people who did the iTunes cards shifting their sales over to iTunes account.

They choose iTunes accounts that links to paypal because of lack of control by the owner of the account on PayPal.
When you have multiple charges on your credit card a warning light goes up. Credit card companies will sometimes stop all transactions and call the card holder. With PayPal you do not have that, it will keep going until account is maxed out. Though there is email informing owner of account that a transaction has been done, usually by the time owner of account checks his email it is too late.

Solution for PayPal would be PayPal app "push" notice of a transaction on their PayPal account to iPhone owners.

[dq13]

Don't store your payment info in your iTunes account. Problem solved.

I didn't have my payment info saved, I had actually never made a purchase on itunes yet, I just had an account, so I am not sure if this was related to itunes... might have just been stolen cc info

[BartmanDK]

It happend to me about 6 months ago. I was charged for 2 insanely expensive programs by the same author, though the programs dident really do anything. I have no idea how the guy got into my account, since iTunes was the only place i had used that password

[-_-]

Man paypal is so terrible anyone who uses it is a fool

actually it's pretty good. It's not PayPals fault (for the majority), its the phishing emails that do it.

[santacruzlocal]

Man paypal is so terrible anyone who uses it is a fool

Do you think about what you are going to say before you type?

[Cowboy]

Paypal is probably one of the most secure ways of making a payment out there. Not say it's impossible to hack,but why would anyone do just iTunes purchases if they had that access. iTunes has plenty of flaws or they wouldn't be on version 9.2.2 or what ever I diffently think this needs to be looked at deeply through both parties.

[PainBlade]

Man paypal is so terrible anyone who uses it is a fool

this kid is ignorant.
Mac's might not be as prone to viruses as Windows, but when apple makes mistakes, they get into some deep sh*t.

[bobright]

if we remove our debit/credit cards from itunes account we can no longer use it, for say free app purchases?

[Cer0]

You can always buy iTunes gift cards. Many people do that.