# iTunes app store possibly hacked.



## rahlquist (Jul 24, 2007)

http://thenextweb.com/apple/2010/07/04/app-store-hacked/
You may want to remove your credit card till apple deals with it.


----------



## sigma1914 (Sep 5, 2006)

Apple hacked? I thought they're the most secure computers...EVER! :lol: I kid, I kid.


----------



## Stewart Vernon (Jan 7, 2005)

It does sound like something funny going on... but so many of these things turn out to be the result of people doing things to themselves.

For instance... people who don't secure their computers where they login to iTunes... thus their accounts become compromised from their end. Also, people who jailbreak their iPhones and then run non-approved apps that circumvent the security of the operating system on the phone, and their iTunes accounts are compromised that way.

I'll be curious to see what the ultimate source for this particular "hack" turns out to be.


----------



## Grentz (Jan 10, 2007)

I know it's the holiday weekend, but I am really surprised Apple has not responded to this yet in really any real way. Seems to be plastered all over the net.

If these apps did prove to go through the App store process I am gonna be pissed.


----------



## BubblePuppy (Nov 3, 2006)

Wouldn't those people that had their accounts hacked get a email notification if a purchased was made ? Whenever Melissa or I make a app or itune purchase I receive a email notification. If that is the case then I think it's weird that those people didn't notice purchases they didn't make.


----------



## dpeters11 (May 30, 2007)

BubblePuppy said:


> Wouldn't those people that had their accounts hacked get a email notification if a purchased was made ? Whenever Melissa or I make a app or itune purchase I receive a email notification. If that is the case then I think it's weird that those people didn't notice purchases they didn't make.


There are times I don't get the email for a day or two, a lot of apps can be bought before I get the receipt.


----------



## BubblePuppy (Nov 3, 2006)

dpeters11 said:


> There are times I don't get the email for a day or two, a lot of apps can be bought before I get the receipt.


Good point. I usually get the email the next day. When I buy a Android app I get the notification within minutes. Since Melissa and I both make purchases from itunes I hope Apple improves the speed of notifications now.


----------



## wingrider01 (Sep 9, 2005)

sigma1914 said:


> Apple hacked? I thought they're the most secure computers...EVER! :lol: I kid, I kid.


I don't joke, they have their fair share of security faults just like every other OS in the world


----------



## Stewart Vernon (Jan 7, 2005)

I'm still waiting to hear how many of the hacked accounts belong to people who are using jailbroken iPhones. I have a sneaking suspicion that might have been the crack in the door that allowed the accounts to be hacked.


----------



## wilbur_the_goose (Aug 16, 2006)

I was just hit by having $700+ of fraudulent credit card charges all charged to Apple (there were a large number of $29 charges). Today, about two weeks after discovering the fraud, I got a bunch of paper statements in the mail today, all with a "ship to" in Huntington Beach CA. Thank goodness I check my credit card register every few days.

The crooks hacked into my dormant Apple iTunes account, got my credit card and postal address.

According to web reports, the hacking of Apple accounts is a very common crime.

Please protect yourself - eliminate your credit card number from your Apple account. I'd also put in a fake street address.

PS - Check out http://discussions.apple.com/thread....t=135&tstart=0 Hundreds of reports here of the same crime, and Apple does nothing. It's also impossible to talk to a human being at Apple about this fraud.

Keep in mind that this is not the same issue as the app top 50, but I'm guessing it's similar. This one goes back at least a year.


----------



## ncxcstud (Apr 22, 2007)

Supposedly, only 400 or so accounts were hacked...


----------



## wilbur_the_goose (Aug 16, 2006)

ncxcstud,
The issue I had had zero to do with the app store.


----------



## ncxcstud (Apr 22, 2007)

Oh, I know...I was just updating everyone else on the issue that was mentioned in the first post .

Sucks that all that happened to you Wilbur...I'm happy to see that you've at least caught it and saved yourself some real hassle and trouble down the line. Any type of theft is hard to go through...


----------



## wilbur_the_goose (Aug 16, 2006)

It's amazing that Apple has such a good reputation. Their customer service is horrible beyond words. 

For example, when I actually got to a human (after 45 minutes of prompting/waiting), I told him that I had evidence to help in their fraud investigation. His reply?

"Thanks, but we don't really have any ability to launch fraud investigations."

My reply, "I have a name and address on the invoice - don't you want that?"

Apple, "No, not really."

Me, "What should I do with the evidence then?"

Apple, "Well... Maybe you could contact your local police department."

Me, "Swell."

Apple, "Thank you for your continued support of Apple products"

Me, "Huh? I don't own any Apple products."

Apple, "Oh, yeah. Click"

Honestly, I have no clue why people have a crush on this horrible company.


----------



## hdtvfan0001 (Jul 28, 2004)

wilbur_the_goose said:


> It's amazing that Apple has such a good reputation. Their customer service is horrible beyond words.
> 
> For example, when I actually got to a human (after 45 minutes of prompting/waiting), I told him that I had evidence to help in their fraud investigation. His reply?
> 
> ...


As some would attest, I'm likely the last person on Earth would would come to the defense of Apple on anything.

That said, in this case...the CSR was correct.

Unfortunately, as the laws are written today, Identity theft and related fraud are police matters, requiring a formal report to be filed and used in the event of future prosecution.

Despite the millions of cases of ID theft and fraud, the system to address the results and casualties are sadly highly outdated from a legal standpoint.


----------



## Stewart Vernon (Jan 7, 2005)

wilbur_the_goose said:


> Apple, "Thank you for your continued support of Apple products"
> 
> Me, "Huh? I don't own any Apple products."


I'm confused... so please bear with me...

You say you had a "dormant iTunes account" hacked to gain access to your personal information... but you don't own any Apple products?

So, why do you have an iTunes account? And if it is a dormant one, why wouldn't you have already deleted your personal info (like credit card info) from that account a long time ago?


----------



## wilbur_the_goose (Aug 16, 2006)

I won an iPod Touch a long time ago, tried it, and didn't like it. At that time, I set up an account, but never bought anything. Deinstalled iTunes and honestly forgot about it.

Obviously, I should have erased the CC info at that time, but I innocently thought Apple had security to keep folks out of their CC database (you know, PCI standards).

PS - I also found out that it's essentially impossible to delete an Apple ID.


----------



## phrelin (Jan 18, 2007)

I think people forget that the iPhone OS is, well, an OS. Between the iPhone and the iPad customer bases, suddenly Apple has something worth hacking either for the ego shot of highly publicized success or for ripping people off which now might be worthwhile.

And, because Apple has a control freak mentality, your ID goes on forever as do your iTune activations on now long-dead computers - you know, the ones that crashed and you couldn't deactivate. Right now my wife has four computers activated, only one of which actually is in use and two of which can't be deactivated. This will be her second time around with support to deal with that problem.


----------



## elaclair (Jun 18, 2004)

phrelin said:


> And, because Apple has a control freak mentality, your ID goes on forever as do your iTune activations on now long-dead computers - you know, the ones that crashed and you couldn't deactivate. Right now my wife has four computers activated, only one of which actually is in use and two of which can't be deactivated. This will be her second time around with support to deal with that problem.


I found a rather unique way of dealing with it. You can't do it very often, but if you have all 5 of your slots activated, you can delete them all at once from inside the iTunes store. I then just re-activated the remaining live ones, and all was happy with the world......


----------



## Stewart Vernon (Jan 7, 2005)

Yeah, I know people who have ran into that problem... the inability to deactivate a computer that no longer works... unless you activate a total of 5 and then can "start over". That is definitely a problem in their system where you can't login to your account from one authorized computer and delete another.


----------



## wilbur_the_goose (Aug 16, 2006)

FYI - The iTunes store has been hacked again:
http://news.softpedia.com/news/Hack...-iTunes-Accounts-on-Chinese-eBay-176742.shtml

DO NOT ENTER YOUR CREDIT CARD IN ITUNES. 
(alternative - buy an iTunes card at the store and apply that to your account)


----------



## tcusta00 (Dec 31, 2007)

I had my account hacked a couple weeks ago - same exact kind of situation where a few free apps were "purchased" followed by a few higher dollar ones. When I contacted Apple about it I was given a stern notice that they would only remove the unauthorized charges as a one-time exception since it was clearly my fault that my account was compromised. 

 

I'm going to take wilbur's advice and just use prepaid cards from now on. 

Ridiculous.


----------



## phrelin (Jan 18, 2007)

Welcome to the real world of successful computer hardware companies Mr. Jobs.

Now go hire 300 new technically competent people to design security measures for your internal operations and for the equipment you sell customers. Real world successful computer hardware companies, as opposed to niche operations, have to do that. And they eat the costs reducing their profit.


----------



## Stewart Vernon (Jan 7, 2005)

I don't know that it is correct to say the iTunes store was "hacked again" since I'm not sure anyone ever proved that it was hacked the first time.

So many people with jailbroken phones OR who are not careful with their passwords when web browsing are most often to blame when someone get "hacked"...

From the recent linked article above:

"_*"Of course these accounts are hacked, otherwise how could they be so cheap?" he said. However, he refused to say how they were obtained.

The most likely possibility are phishing attacks or infections with password stealing malware. Just last month we reported about a wave of fake iTunes emails warning users that their accounts will be suspended if they don't contact the support department.

The advertised link took people to a drive-by download website mimicking an Apple support article which silently tried to infect their computers with malware by exploiting vulnerabilities in outdated Flash Player and Java installations.*_"


----------

