iTunes Hackers Raid Accounts, Charge Untold Amounts

While iTunes users were barbecuing and preparing for fireworks this weekend, hackers smoked their accounts, buying apps with stolen money to drive specific apps up the sales charts.

TNW Apple reports hacking incidents have been reported worldwide, and users have been hit with phantom charges between $100 and $1,400.

So yeah, now would be a good time to check out whatever account you have linked to your iTunes, and to change the password.

App Store, Hacked. (Updated: iTunes Accounts too.) [TheNextWeb Apple]
Reports: iTunes accounts, App Store hacked [CNet]
(Thanks, Rahlquist!)

Comments

Edit Your Comment

  1. ZeGoggles says:

    This was a terrible July 4th for the internet.

    iTunes hacked.
    Youtube exploited.
    Wikipedia down last night.

    Those are only the ones I know about. Who knows what else may have taken place.

  2. DowneMixedBoi says:

    i think Apple should remove these Apps from the store and make the App owner resubmit the App and go through the approval process.

  3. phrekyos says:

    $1400 in fraudulent purchases on your credit card? There’s an app for that. (Or was…)

  4. Caprica Six says:

    In iTunes, I listed my method of payment as *none* (meaning no credit card on file) and changed ye olde password to a strong encrypted one.

    • ill informed says:

      i would reccomend everyone do the same thing. a few weeks ago, my itunes account was hacked. they changed my email log-in and security question anwer. my account was linked to my debit card and so there was nothing stopping them from charging the near $100 dollars in programs, on top of almost $200 in overdraft fees. after getting my account back i took off all payment information and set it to none.

  5. Leela says:

    This is why I use iTunes cards to feed my habit. Plus, I can $60 worth of iTunes cards for $55 at Costco.

    • GolferTrav says:

      Yup! This is what I do too. I especially load up when Costco has a coupon as well. Last time I loaded up, I had an $8 off coupon, so I only paid $47 for $60 worth of credit.

      I also collect my pocket change and run it through the CoinStar machine at the grocery store once a month. If you choose an iTunes gift card/code, they don’t charge a counting fee, which is almost 9% if you want cold hard cash!

  6. Suisei says:

    Oh wow thats freaky. Mostly because I have an iTunes account. I doubt my password was hacked because I use funky combinations and whatnot. Though, better check my current purchases list to make sure…

  7. YouDidWhatNow? says:

    Unpossible.

    The App Store is a safe, secure shopping zone managed by Apple to ensure that only the best applications are available to Apple customers – no fraudulent app could ever get in there.

    Apple products and services, such as iTunes accounts, are perfect and impervious to any attack. So there’s no way that anyone’s iTunes account could have been “hacked.”

    All hail GodSaint Steve Jobs. So say we all.

  8. Kevin Martin says:

    I got my itunes hacked Christmas eve 2006. For $700 in songs. When in the previous 2 years of having that account I had only bought 1 song for my wife. I had used it exclusively for free podcasts up until that song she wanted. So that one gift to her cost me my paypal account and the $200+ in gift certificates that I had received from work. I appealed to paypal and they said that I had to talk to apple. I talked to apple and they told me there was no breach. I went back to paypal and they said to bad. I was liable for the charges. To this day I receive letters every other month from a collection agency. But I’ll be damned if I will pay 1 cent when I am innocent.

  9. Belle says:

    Can I change my Itunes password if I do not have the program installed? I could not find the option on the website. I don’t believe I have a credit card linked to my account since I have never made a purchase. I believe I signed up for it for a free song and decide the Itunes program was horrible and got a 3rd party program instead to manage my ipod.

  10. XianZhuXuande says:

    This story has been blown way out of proportion. I guess that’s not unusual when a big company like Apple is involved, especially when headlines can grab so much traffic, but I’m kind of surprised to see it even now after actual information has come out.

    Here’s a breakdown from a Mac site which normally likes to do some headline grabbing of its own—whenever it can get away with it.

    http://www.macrumors.com/2010/07/04/reports-of-app-store-hacked-greatly-exaggerated/

    • Rectilinear Propagation says:

      Nothing in the article you linked to shows or even implies that anything in the Consumerist article is wrong.

  11. Fenrisulfr says:

    Bad publicity for AAPL, I am happy.

  12. grossmont says:

    I don’t think that these charges were made to drive the rankings higher. With the developer getting 70% of all sales (the other 30% goes to Apple), the developer was just doing normal run-of-the-mill credit card fraud. Being catapulted to the top of the charts was probably just a mistake (drawing attention to the developer), making it possible for this scam to be discovered early.

  13. khooray says:

    Mine was hacked last September until March of this year. I didn’t notice at first because it was small amounts and I have an 11 year old with an ipod touch. It got my attention when there was a $40 charge among others that were bigger.
    I had to fight with Visa to get them reversed and Apple wouldn’t tell me anything at ALL about what address was being used or what purchases were made since my purchase history mysteriously disappeared too!
    I had to make a new account and I didn’t put a payment method on, but lo and behold, my current card number is on my new account even though I never put it on there.
    Apple is behind it and it’s been going on for a LONG time!

  14. Benobi says:

    Hmmm…

    Had something similar done to me in March-April.

    I don’t purchase much, so it was apparent rather quickly when things were amiss. Long story short, the “hacker” went into my account, changed not only my password, but also my user ID (which was also my email address) to an email address just slightly different (but invalid and would ‘bounce back’) than my current one.

    Apple iTunes, BTW, does not send a change of information notification to the OLD email address. Nor do they, apparently, send a required confirmation to the new address. So someone can make an unauthorized change to the account and no one’s the wiser because there are ZERO checks and balances.

    Personally, I think most of this is an “inside” job and not hackers.

  15. yessongs says:

    I don’t use I tunes at all, why waste time with them when you can use a bit torrent?

    • Groanan says:

      Mostly because your ISP is keeping tabs on you and the moment it becomes in their best interest to let people know you what you are doing they will do so and you can be subjected to outrageously ridiculous civil damages from a lawsuit as well as high attorney costs.

      Is it worth the risk? Personally I just gave up on the mp3 altogether and switched to radio channel flipping.

  16. Outrun1986 says:

    I just made an iTunes account, but there is no way a credit card is ever going on it, its just too risky especially since I have heard of problems like this. I will either live with free apps or buy the prepaid gift cards.

  17. ThatsWhatSheSaid says:

    my itunes got hacked for just under $42 dollars in songs only…would love to know how my account was hacked! i also found it funny how one of the two itunes charges on my credit card was for $0.64….nothing on itunes costs 64 cents, i would still love to know how the charge was even made…thankfully itunes has taken care of everything and forgave the fraudulent charges.

  18. Yorick says:

    I only ever get the “free” items from iTunes, and the card I’ve got on my account is a prepaid I doubt I will ever use up (and has something like $3 available on it) so I minimize my risk.

  19. nobomojo says:

    yep. I just went through this myself. someone hacked into my account, changed my username and password and charged up a bunch of stuff. it’s a good thing I have an iphone and use my itunes account all the time so I noticed right away that something was not right. I emailed apple support and they informed me that my account got hacked. joke’s on the them, though, because my CC info was way expired, so they never got anything from me. It did take 10 emails back and forth with apple tech support to get it all straightened out, but they were nice.

  20. WHC999 says:

    Nice to know I wasn’t the only one. My debit card was charged 10 times for $40.93. Looks like I will only be using iTunes gift cards to buy anything from Apple going forward.

  21. pot_roast says:

    From what I’ve read, it’s not a matter of the iTunes Music Store being hacked (or anything at Apple being compromised) but a case of individual users Windows machines being compromised. A recent phish/trojan attempt was going around with a subject claiming that you have won an iTunes gift card. There’s an .exe attached, and running it asks for your iTunes credentials.

    Sadly, this is probably just a case of “right place, right time.” They pulled this over a holiday weekend too, hoping for a slower response time.

    • gemiwing says:

      We were hit by this and we never click those types of things. Plus, we’re running adblock so probably wouldn’t even have seen one.

  22. Munchie says:

    This would be an interesting way of taking out rival apps

  23. dush says:

    Thank goodness I don’t use iTunes.

  24. Chasing Headless Chickens says:

    They got me for $300 last week. I am very internet savvy, and I never clicked on anything saying I had won a gift card. I never open documents or download attachments from people I don’t know. I have Norton 360 active with all the protections it provides. I had a very strong password on my Itunes account. I have no idea how they accessed my account. I’m very upset with itunes. I usually don’t save my credit card with websites, but I (stupidly) thought Apple was a company that would safeguard my information better than others. Boy, was I wrong!

  25. Gail says:

    I had the exact same problem with my itunes account last month. Even worse, it was a complete pain to reverse the charges. First, I tried contacting apple and explaining that my account had been hacked. Some of the charges were reversed with standard responses about one time reversal of “accidental” purchases. The rest were all denied. I wrote again, trying to explain the situation. I did finally get an email from a human, saying that I needed to contact my bank to get the rest of the charges reversed.

  26. gemiwing says:

    We got hit this morning. What a way to start a day. That’s what I get for not reading Consumerist every day. Damn.

    So- even if you haven’t been hit yet, go ahead and learn from our mistake and change your information. They’re still active.

    Luckily we’re poor and they didn’t get much, it’s just another hassle to deal with.

  27. Briamah says:

    Hacked for over 900 dollars. This thing is not going away the e mail I received from Itunes. It is taking a bit of time to get this resolved but I am sure the refunds will be going through. Heads up there is no contact number for Itunes online store so you have to do this by e mail.

    Greetings XXXXX,

    My name is XXXXXX with iTunes Store Customer Support. I would first like to apologize to you for the delay in this response. Due to the exciting new releases being offered by Apple our volume has increased. I assure you that I will do all that I can to ensure you receive the highest level of service possible.

    I understand you are receiving iTunes Store email receipts intended for someone else. I know how eager you must be to get this resolved and I will be more than happy to help.

    I have disabled the iTunes Store account associated with the email address “XXXXXXX@XXXXXXX.com”. Please allow 3-5 business days for this to take effect. Once this process has completed, you will no longer receive email receipts related to this account.

    Thank you for bringing this to my attention.

    Sincerely,

    XXXXXX
    iTunes Store Customer Support
    http://www.apple.com/support/itunes/ww/

    I thought it was funny that they choose to say its just receipts and give a sales pitch while someone has charged over 900 dollars to my account. The thing is in order to close this account on my own I would have download and install Itunes a software I don’t even use.