Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.
02-10-2012, 10:59 AM #1
Unknown Hack Attacks Continue to Pilfer iTunes Accounts
According to a growing number of complaints from iTunes customers, mysterious account hacks are responsible for vanishing gift card money that, presumably, can be chalked up to theft.
The latest wave of complaints suggests that Apple still has progress to make when it comes to limiting the damage that can be done by hackers determined to access accounts by unlawful methods, change the login credentials, and then steal any available funds linked to the account.
For now, Apple is sticking to its usual speaking points which acknowledge that the company "takes precautions to safeguard your personal information against loss, theft and misuse, as well as against unauthorized access, disclosure, alteration and destruction." But it remains to be seen exactly what Apple will do in the months ahead as a growing number of iTunes customers say they are experiencing everything from unauthorized app purchases to fraudulent credit card and PayPal charges.
According to Ty Miller, chief technology officer at Pure Hacking, Apple needs to do more than just refund violated customers as a way to to remedy these unfortunate situations.
"Either Apple has accepted the risk of the fraudulent transactions and they're happy to reimburse the money because it may cost a lot more to fix then they're actually losing. [Or] there is an inherent flaw in the way they have created the gift card numbers and it would take a serious overhaul of their systems to change how that actually works," Miller says.
Sources: CNET, Apple Insider
02-10-2012, 12:11 PM #2
hmmm... could this be why my icons keeps getting rearranged everytime i sync to my itunes? this is not good for a person who has been diagnosed with OCD.
02-10-2012, 12:39 PM #3
02-10-2012, 01:14 PM #4
So gift card money is the only thing at risk? And what are they doing, transferring the gift card money somewhere else or buying stuff? Is this just a case of people using bad passwords?
02-10-2012, 02:09 PM #5
02-10-2012, 02:27 PM #6
Mine got hacked last year, (just after itunes was hacked) they cleaned my bank account out buying 31X £10 Giftcards, you know what the so great apple said, we wont reimburse me you need to contact your bank & there is nothing we can do, they also said they locked my account & to change my password
So the thieving scumbags got Giftcards & Apple got the money, there just as bad as the thief's.
only thing I can think of, as I purchase all apps on the device, is that it's an app faking in app purchases or something, Hipstamatic used to ask me for my password even though I never bought anything, I never though anything about it till I was hacked a few weeks later.
Last edited by rocky5; 02-10-2012 at 02:39 PM.
02-10-2012, 02:44 PM #7
02-10-2012, 02:44 PM #8
$46 dollars worth of purchases were used from my paypal account which is linked to my apple ID.
Such a PITA to deal with.
02-10-2012, 03:08 PM #9
02-10-2012, 03:41 PM #10
02-10-2012, 04:23 PM #11
this happened to me!
this happened to me, one day i couldn't update apps my password was changed and my gift card credit was completely gone
02-10-2012, 04:30 PM #12
Yep this happened to me too. Not as bad as the others but I found one app that was $24.99 that I didn't even purchase in my receipt.
02-10-2012, 06:13 PM #13
Here's a tip for you all that Ive used for nearly a decade and have NEVER had any issues.
USE A PREPAID CREDIT CARD NOT YOUR REAL ONE !!
keep $2 or $3 dollars on it, load up with more when I plan to use it. with Netspend (the one I use) you can keep a ZERO balance on it for a year without having to reload it.
02-10-2012, 06:53 PM #14
02-11-2012, 02:14 AM #15
Curious, to the people who this happened to... was your phone jailbroken? If it was did you ever change your root password from 'alpine'?
02-11-2012, 06:42 AM #16
02-11-2012, 07:46 AM #17
02-11-2012, 10:02 AM #18
02-13-2012, 02:52 AM #19
Going back to the main article, do we know how people's accounts are getting hacked? Are they actually being accessed through an exploit or are users being phished? It would be nice to know how they operate so we can avoid becoming victims.
03-13-2012, 01:37 PM #20
This is still happening, and it seems to be increasing. There is a huge thread on the Apple iTunes for Mac discussion forum, up to 92 pages now, that was started in November 2010. Almost 25% of the replies have happened in the past month. Simply Google "itunes account hacked" and it's the first link that comes up.
The fact is that these hackers appear to be targeting accounts with store credit, changing or removing payment information (credit cards and PayPal accounts), and then draining the accounts dry of the store credit, leaving about $1 or less in them. In almost all cases, some free app is downloaded (either Chinese or other apps in Asian languages, role-playing apps like Kingdom Quest or Galaxy Empire, or gambling apps like various Poker apps), and then in-app purchases are made for game or gambling credits. Due to the similarity of all these reports, I find it highly unlikely that these are just random occurrences happening to people with weak passwords.
One user had his account hacked, despite having extra-strong cryptic passwords, and never purchasing apps or otherwise using iTunes other than on his own 2 computers that also had high levels of security. Another user has had his account hacked 3 times now, despite always using cryptic passwords.
What's also disturbing is that most people receive an e-mail from Apple saying a device not associated with their account had been used to make these purchases, yet Apple still allowed the transactions to go through without additional verification. They know it's happening, but don't seem to be doing anything about it. Yes, many people have gotten their money refunded, but they also say it's a "one-time" thing as it violates their Terms and Conditions, which in not so many words makes them sound like they thing the customers are at fault, which is NOT the case. Maybe Apple has an employee that has leaked information that led to these breaches, or maybe it's some software like the "Apple Hack" software mention on page 77 of that thread.
This has to be an issue with Apple security. It seems to me that increasing security protocols that deal with authorizing devices to make purchases on an iTunes account would go a LONG way to resolving this issue.
Last edited by PatrickGSR94; 03-13-2012 at 01:40 PM.