Editors Note: This article began with details of one specific app developer hacking iTunes users accounts and purchasing their own apps using those accounts – making it to the top of the iTunes charts. As the story has developed it appears to be far more widespread than just that one particular developer and his apps…the Apple App store is filled with App Farms being used to steal. We’ve put together a complete list of all the facts and updates to this story here which we high recommend you read instead of this article. Apple has also now released a statement about the matter.
Two iPhone App developers have spotted what appears to be a hacking of the App store rankings by a rogue developer. The rankings in the books category of the US iTunes store features 40 out of 50 apps by the same app developer, Thuat Nguyen.
What’s more concerning is that it seems individuals iTunes accounts have been hacked to make mass purchases of that one developer’s apps. (Update: this does not appear to just be one specific developer nor one particular set of apps any more. Details at the foot of this post.)
One look at a screenshot of some twitter search results above or this MacRumors thread should ring alarm bells – there is a problem. What’s more concerning is that these are only the people reporting it on twitter and forums, plenty would not have.
A screenshot of the books category on iTunes below should illustrate the extent of the problem. How has a developer managed to hack enough iTunes accounts to buy the number of apps required for each to dominate the paid books category on iTunes?
Some users who have had their accounts hacked have left comments on the apps they have supposedly bought complaining that up to $200 has been spent on apps they’d never personally bought themselves. (update: we’ve now heard reports of $600+ spent on some users accounts, more details at the foot of this post)
There are other comments clearly from the app developer himself, giving positive reviews in an attempt to draw attention away from the other comments.
Both the support and company links for the company in iTunes take you to a Home.com URL with nothing but a holding page. Also Google Search results for Thuat Nguyen do not provide any concrete details as to who the individual or company is.
Clearly when one developer completely dominates the ranking in a particular category, other app developers suffer but when it happens by means of hacking end users accounts – it’s a serious concern that leaves everyone involved suffering. Developers don’t get the recognition they deserve, users are being robbed and left with a poor user experience, while Apple is left with a tarnished brand and left with a lot of explaining to do. Why does Apple not have mechanisms in place to detect when previously unpopular apps from the same developer flood the top rankings?
When some apps are left waiting weeks for approval only to be rejected by Apple for minor objections, how does a company with no website, no description and apps that are literally swarming iTunes escape punishment? More importantly, how has someone managed to hack users’ accounts and left many, we can only assume, unaware they’ve been robbed?
What you should do now.
For now, we can only recommend you check your recent purchases, remove your debit card being stored on iTunes and change your password immediately. When we have more recommendations you can be sure you’ll hear from us.
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Update 1:
We’re interviewing a number of people who have had their accounts hacked and used to buy apps. Worryingly they aren’t just apps from this developer.
Update 2:
Reader Jamie Vickery, a UK based iTunes user discovered a number of apps had been bought using his account. This does not appear to be a US specific issue any more.
“I’ve just noticed my iTunes account has been hacked in the past week. Someone has downloaded 8 apps and two songs totalling £61.70. The most expensive being an app called All Match by CharismaIST for £54.99! The other apps seem to be based on photographer like Camera One, Night Shot, Camera Flash Ultra. Surely Apple won’t pay out to these developers. I have changed my password and put in an email complaint to iTunes so we’ll see how it goes.”
Update 3:
More reports. Users in the MacRumors forum claiming their accounts have been hacked and used to purchase apps. Two examples:
“Yesterday my credit union contacted me saying there was suspicious activity on my debit card. Sure enough over 10 transactions in the $40-$50 area all on iTunes equaling to $558″
“I also received a receipt via email on my “Purchases” on 7/2/10. I made the mistake of storing my debit card on the itunesstore app. I have run into the exact same responses that other users are reporting–only email as a method of contact.
That response was to tell me how to change passwords, etc. – stock answers and to also tell me of no refunds. I was an internet technician for years so the iTunes advise was second nature for me but with little hope for “fixing” the issue since I believe that the breach was on the iTunes server.
Thankfully, I carry a smartphone with my email setup on it, so I received the invoice quickly. Most of the 15 purchases where for items that I don’t even own i.e. iphone (I have a blackberry) and ipod (I’m 47 and I still use a radio for my music). I was able to verify the $70.15 charge via mobile banking and immediately called my bank. The transaction was in the processing stage and I think my bank was able to refuse it–I’ll see after the holiday weekend. With my card canceled, the additional $20+ charge was unable to be authorized.
I noticed reading the comments that someone was starting a class action suit, there are enough victims to be able to makeiTunes responsible for this.
I will not take this laying down–I’ve filed a police report and filed a complaint with the Better Business Bureau and if I can afford it–I want to be included in the class action suit if it was started. I am currently trying to figure out how to get the news media notified of this scam. ”
Update 4:
A succinct list of facts and updates to this story can be found here.
Update 5:
Thuat Nguyen’s book apps have all been removed from the iTunes store but there are many others. More details and further updates can be found here.
Update 6:
Apple has now released a statement about the matter.
This is one of those things that better get fixed fast. Apple’s got some security holes to fill, or there will be bigger problems and larger $$$ amounts to deal with!
Sounds like it could be the result of a Phishing attack, ie. someone putting up a fake iTunes website that asks for your iTunes password. In this is the case then there isn’t really anything Apple can do about it, nor is it their fault.
it absolutely is their fault if Apple isn’t detecting suspicious activity when previously unpopular apps from the same developer are being bought in bulk.
You are working on the assumption that such activity is inherently suspicious. In this case it is, in other cases it could just be due to a marketing campaign. Yes Apple should have systems to flag such activity to them, but nothing quite a crude as “you’ve suddenly become popular”.
I am absolutely working under the assumption that bulk purchases of different apps all owned by the same app developer is very very suspicious.
What if an app developer had a bunch of apps up that weren’t getting much attention and then dropped $1,000 on effective advertising, causing a spike in their sales? That happens quite often, and as a iOS developer myself don’t like the prospect of my app sales getting blocked by some automated process if all of a sudden they become popular or I decide to drop some dough on advertising.
I agree with Zee. That should be a good way to flag something down. But at the same time marketing can make these sort of things happen yes, the solution needs to be somewhere in the middle.
add IP detection to that… all purchases using different accounts coming from the same IP would be very suspicious indeed. But then a hacker can just use a botnet to side-step that restriction
“Why does Apple not have mechanisms in place to detect when previously unpopular apps from the same developer flood the top rankings?”
Maybe because it’s never been an issue before now? You might say, “well, it’s a predictable risk!” but you could easily think up several other bad-news scenarios for the App store that are also outside of Apple’s control. Which risks should Apple try to mitigate, when none of them have manifested as issues yet?
I do however believe that: a) iTunes customer service could certainly be better and b) IF Apple have had a lapse in their security (leaked passwords, exploit in iTunes store etc), they will deserve whatever they get.
Apple users aren’t supposed to be experts though.
If you’re going to baby your users you’d better expect this kind of thing.
If it were CERTAINLY a phishing attack then yes, there wouldnt be much apple can do. But no one knows yet. So for now Apple is not free and clear, thus their fault still.
Yes good to see the fanboys rush to Apples defence without enough information to make an informed opinion.
And it’s equally interesting to see someone on here vilify Apple and it’s fans without knowing all the facts.
What’s the difference between defending Apple against a sensationalist article (the APP STORE was not hacked, individual accounts were probably phished), and the “argh! tar and feather Apple!” attitude many have adopted?
They are exactly the same. In fact, probably the same people.
Something that happened recently, like this perhaps?
http://www.snopes.com/fraud/phishing/itunes.asp
I had my account hacked but I saw a receipt email come in when it happened and I had my paypal shut off immediately. However, Apple was horrible about it. No phone support so I was directed to a form. Overall, it took 48 hours to get my ITunes account disabled to prevent further purchases. Just horrible service.
There’s a snake in the garden.
Proprietary closed systems are not necessarily safe systems.
” how has someone managed to hack users’ accounts ”
what about: hey, i can’t remember passwords so i will use 123456 ;-)
This gets my vote for +90% of the problem
I’ve just noticed my iTunes account has been hacked in the past week. Someone has downloaded 8 apps and two songs totalling £61.70. The most expensive being an app called All Match by CharismaIST for £54.99! The other apps seem to be based on photographer like Camera One, Night Shot, Camera Flash Ultra. Surely Apple won’t pay out to these developers.
I have changed my password and put in an email complaint to iTunes so we’ll see how it goes.
thanks Jamie, will update the post. Worrying that it isn’t just US and not the same app developer.
the website “Get Human” lists this for Apple:
800-275-2273
To talk to a real person: press 0 at eac prompt, ignoring messages.
Hope this helps.
Haha I noticed those weird books a week ago on the top paid list. I was wondering why all these vietnamese versions of what looked to be the dragon ball manga were in the top 20 (I mean, they were probably 15 out of the top 20 too.) Kinda obvious in my opinion…
*EDIT* Correction, they are still there
Apple deserves the same kind of criticism and scrutiny that Microsoft would be afforded in this situation.
… except Microsoft isn’t blamed when someone’s credit card is stolen because they fell for a phishing scam.
Aaron where does it say for certain that THESE INCIDENTS were part of a phishing scam? I say everyone should receive whatever blame they deserve whether it’s MS, Apple, or whomever. It’s funny how people defend these companies just because they have some sort of emotional attachment to them. This is starting to sound like Dems vs. Reps. Stick with your group regardless of how little sense their decisions make! lol
IT doesn’t have to be “for certain,” he’s just offering up the fact that phishing attacks WHEN THEY DO HAPPEN are never blamed on the second-party site.
IF this turns out to be a phishing problem, and it certainly seems to be the Occam’s razor answer to this issue, then Apple can’t be the one responsible for it.
My iTunes account was also hacked in the last week or so and I was billed £140. iTunes customer support was less than supportive and it took my bank getting involved, my card being cancelled and reissued and 2 changes of passwords to get is sorted. The apps that Jamie Vickery mentioned were bought using my account too. However, most of the items bought on my account were music items including ‘Third Reich Military Music Archive’! I suspect that’s a developer with a twisted sense of humour!
Hopefully there won’t be any problems between iTunes and my bank but it was very annoying at the time.
It seems like the issue has been there fore quite some time and Apple has not taken any action what so ever… this is just ridiculous.
If this issue has been here for quite some time why has it not come up before now?
How many people have been hacked? It’s interesting because in my experience over the internet, and I’m always using it, I’ve never been hacked. What do people do to get hacked?
from all I read here, maybe those people use the same password for their facebook and iTunes account ?
I really hope Apple clears this up!
Apple brand is really a great brand for being specific to education, designers and artist however I had feared this might end since they are now trying to please the masses by creating a product that everyone can use and afford but when companies try to do that a lot of problems will occur.
Regardless of this the product is still great but the problem is the hacks. I’m sure that can be fixed.
Apple products: it just werks lol!
Clearly the apple community has been told, yet again
Chuck out all of the low quality Chinese developers. No surprise that’s where this hack came from.
Wow for once I’m happy I use paypal to handle my iTunes account. I’m not affected myself but I know it would be way easier to get a paypal rep on the phone than an iTunes rep! Also if everyone used their credit cards rather than debit cards it’s a lot easier to fight fraud purchases with a credit card than a debit.
HAHAAHAHAHAAHAH STUPID APPLE WHORES THATS WHAT YOU GET FOR BEING UNORIGINAL MINDLESS TASTELESS IDIOTS
Why is it some people just cannot resist the urge to show how idiotic they truly are? It’s the whole “hey I’m anonymous, I can troll all over and no one will know who I am” elementary school mentality that just puts it all in perspective… After all is MUST BE Apple’s fault rather than the people who came up with the scam apps and put them in the App Store in the first place…/sarcasm
On topic, I hope that this issue get’s settled soon (i.e. all the people who were scammed by these scumbags get their money back and these scumbags get punished for their actions) and Apple learns from this experience.
Ugh. The credit card attached to my iTunes account has been used to make purchases at a Walmart over 300 miles from where I live, and a hotel in Iowa.
Our account was hacked just over a week ago. We’re still waiting on our bank to finish its ‘investigation’ to get our money back. Unlike what others have reported, we were taken for over $1400.00 on what looks like in-game credits for some game called World War at $160 a transaction and some music. Again, Apple did nothing to help but give the password reset advice and removing of the credit card info. I’d like to add, though it may be coincidence and have nothing to do with it, we enabled Home Sharing in iTunes just the night before the charges appeared that next morning.
We, Storm8, are the developer of the World War app. We do not hack into anyone’s account and we do not use anyone’s account to make purchases. If you have more questions, please email support@storm8.com.
hacking should be equated with jail time. a few well publicized convictions should put the hackers on notice and that means over 5 years in the hoosegow. same goes for false claims of thievery from itunes.
if it’s legit you should get a refund. if it’s not then you should spend some time learning a lesson in honesty.
Sorry as soon as I saw the words Class Action you all lost my sympathy. Things like this happen all the time…either way the Credit Card company will refund the charges and Apple will obviously not be paying the developer.
The chance are 100% the store has not been hacked but some of you have fallen foul of a phising scam. Probably windows users.
The ‘probably windows users’ really cements just how much of an idiot you really are.
+1 to that. I love how people act like Apple is so superior when it comes to viral attacks. The reality is that Windows machines are a bigger target at this point. According to 2008 data, Macs only occupy about 3% of the worldwide market. If Apple continues to grow and maybe bring prices down so that people can actually afford their computers, hackers will certainly spend more time and energy breaking through Apple’s security measures.
Deadmau5 rocks! Just saw him in Chicago on Friday. :)
You can remove Mr. Jobs’ cock from your mouth now sir. Do not forget to wipe your chin.
I don’t think so, Tim.
I don’t think so, Tim.
I believe Global Warming was the cause.
Sorry, people’s. I just spoke to Steve Jobs and he said the problem was you were holding it wrong.
epic win.
What makes sense to me – rather than an intrusive hack – is a phishing scheme, possibly over an extended period, to acquire IDs and passwords. Then these clearly spurious titles (and other apps?) were sent to the app store and approved, and their “purchases” used to fleece the phished of hundreds or thousands of dollars pretty much overnight.
Nothing got “hacked,” as such by nefarious coders – it’s just simple, criminal fraud. Citing fraud, Apple can refuse to pay the app seller(s) it can identify and try to unwind the fraud for its customers whose identities were stolen.
Definitely not a phishing attack got charged for 55 dollars at the app store have never logged into anything but the app itself
THIS IS WHY YOU NEVER SAVE CREDIT CARD NUMBERS!!!!!!! Its like the first rule to anyone who uses the internet.
uh, the rule is, don’t be stupid with your password, not “never save credit card” every one knows that you are covered from stealing with your credit card…
geez man, use the thing, if you have a PC (your first mistake) then you are going to get your password stolen if you are careless with malware. if you get your credit card stolen you get your money back…
that is the beauty of using a credit card… you are protected… now your advice might actually cost someone some money, if they instead use a gift card, and it gets stolen, there is no recourse…
so be careful with your advice….
this isn’t the “app store” being hacked as the author of this blog is trying to make it out to be… it is PC users having their PC hacked, and their password stolen, that is all..
some bad guy just collected about 30 of them and let lose over the holiday weekend is all..
do some basic research and you will find this happens EVERY DAY for the last 3 years…
there is nothing Apple can do about you being careless with your password… it is like you being careless with a $1000 dollar bill… (that you can get back if you have a credit card)
what is Apple supposed to do? tell every one to get a Mac, so they don’t have to deal with the dumb sh*ts every day?
Ok, I use iTunes on my PC here in Ireland. My PC goes into a locked cabinet every night. Only I have the key. I have no malware on my PC.
Last Thursday I had over 1000 euro spent on MY iTunes account in IN-APP purchases for chips for Zynga Poker.
This is an iTunes account hack. Plain and simple.
Also: Apple’s response email (4 days late after their advertised 24-hour response period) was totally unsatisfactory.
Never again will I use the iTunes Store if they can’t handle basic security.
———-
My PC goes into a locked cabinet every night
————–
wow, i wasn’t sure how clueless PC users were until now… (just kidding.. i knew all the time)…
so you use iTunes without your PC being connected to the internet? or do you know what the internet is? on a PC, just connecting to the internet will get you hacked in certain situations, someone proved this by doing demo, it took i believe less than 30 seconds…. the Mac… not so much… let me guess, you are running Windows XP, on a 3 year old dell… right…
and what a surprise, you blame someone else… “this is iTunes” that got hacked… couldn’t be you, no way… right?…. guess what the last 1000 people said that got their password stolen?
As Mr. Darth Vulgar says:
You can remove Mr. Jobs’ cock from your mouth now sir. Do not forget to wipe your chin.
Dude at least have the originality to use your own insults when you troll.
Ya know it’s trolls like yourself that give Apple fans a bad name… seriously you’ve contributed NOTHING other than some Anti-PC rant – it’s a good thing I know some mac users who aren’t arrogant elitist assholes like yourself otherwise I’d paint all Mac fans with the same broad brush… Go back to your bridge troll boy.
yeah they hacked app store very easily
check it in my blog
This isn’t journalism. This is just another attempt at making Apple look like they faceplanted over a fence rather than just stumbled over a pebble. The problem is not with Apple’s gear, rather than the user. App Store has just been used to traffic phishing apps. Very yellow journalism.
I’m sure the people who have had several hundred dollars of their money disappear would agree with you that this is best swept under the rug.
I’m sure the people whose accounts were compromised were just holding it wrong.
This is nothing new-and all fraudulent charges arent happening the same way: Check the Facebook group: “Apple needs to step up and investigate these fraudulent charges – http://www.facebook.com/#!/group.php?gid=115931615089725
I got hit for over $600 in April-and only ever downloaded anything from them ONCE-several months ago! In my case, I never got any receipts-someone hacked the account and changed the password and evidently the email on the account-I couldnt even get in to change anything! Also Apple has something in their TOS that says they can keep your card number and charge to it-they were still hitting my account after I had spoken to an actual person at Apple and received an email confirmation of my complaint! Apple’s answer is to blame me and the bank.When I looked into this, I find this has been an on-going problem with iTunes back to at least ’07 . . .and Apple has done nothing to solve the problem, even down to having perfected an inane ‘system’ for fraud complaints that basically says, “It’s your fault-we’re keeping the money-tough luck, sucker!” I’m no techie but even I know there has to be a major hole in their systems to allow this to happen in so many ways to so many diverse accounts over such a long time. It’s apparently happening to people all over the world, too! So yes, where do I sign u for a class-action lawsuit? It’s the only way this is going to stop!
It rocks me. I have to check my account again. That means I have to turn to other electronics shop like sunnygain.com? Damn it!
[...] It seems that your iTunes account information is not as secure as you would hope. Earlier today hundreds of accounts have were logged into and forced to purchase up to $600 worth of apps[...]
Well.. That Looked like a July 4th Surprise.. Lucky Somehow I Disabled my Debit Card, and even if they Hacked in, they couldn’t Buy Stuff because I still owe iTunes $4.99
whoever said apple was super secure when this stuff happens and they always pick out microsoft for their security holes
what cracks me up is that people chalk up Apple’s great security track record to them somehow being “better”.
Once their OS & browser reach 70% of the total market share we’ll see how secure they are.
Too true. Example: see Firefox.
This recently happened to me… someone in Turkey hacked my gmail and used it to re-assign my itunes account to a new gmail account without me knowing. They used up my $28 store credit and charged about $50 to my credit card before I noticed and called my bank to tell them the charges were not me. Took about 56 emails back and forth with apple to finally get all my money and store credit back… changed account passwords, names, etc.
oh apple. it was a good run.
What did u guys like better, Conan 3 or Conan 13? Personally my fave is #7, I can’t believe it’s ranked behind 3 and 13.
To all the people that say that apple should fix this. I have one question How?
How to you propose they go about fixing this. If they removed every app that has been popular then there would be much of an apple store. Even the ips addresses can be masked by going through proxies. If apple has noticed these issues wi iTunes, if they are issues with iTunes and not because of people leaking their own details, they will be thinking of the best and most effective way to both secure accounts and keep the developer community happy.
Are you serious? How do you think credit card companies detect dodgy transactions? They build technology that can analyse patterns for suspicious behavior. I would say one previous unknown author suddenly having 40 of the top 50 in the category would be considered suspicious. Wouldn’t you? It’s not rocket surgery.
I’m glad I only had 60 cents anyways xD
just and idea to analyse the people who have been affected would be to gather all app names they bought (volounteeringly) and see if others have the same apps,perhaps that would show if people downloaded the same app.
Another question could be asked if they visited an external site or access itunes website through another site or link where they asked to login with itunes account as to do it from itunes application,iphone or main websites ie. http://www.apple.com …
just some thoughts, i might change my payment option :)
Thanks for the heads up, I took my CC# out of iTunes. Has Apple acknowledged that this is happening? Lol, ok I know, I know, St. Stephen would never admit wrong doing.
This doesn’t surprise me at all. Apple is in waaayyy over their head. The popularity of their products has grown much faster than their ability to protect the consumer from something like this. Personally, I wouldn’t own anything with the name APPLE on it, unless it was something like The Beatles white ablum.
Isn’t that like saying “I’ll never own any product with Windows on it” because they are too popular? Or “I’ll never own xxxxxx product because they’ve been flying off the shelves”?
So smug has apple been towards windows hacking etc while hiding their own problems behind marketing hype. From information so far this was not phishing, it was the use of card information within iTunes. AKA Apple have a public hack.
Ok it can happen to any company but when it happens to the self opinionated, name calling Apple you can’t help but smile.
iPhone envy think not – iPhone sympathy more like!!!!
Someone purchased the mating game with my account.
You better delete your Credit Card from your iTunes Account and buy some iTunes Giftcards 15$ or 25$ then your risk to loose money is much less than loosing thousands of Dollars on your Credit Card and avoid the Bank stuff to try to get your money back. I tell you to convince a Bank that you did not buy something is a big pain in the a..
First the “loss” of the iPhone 4 prototype, now iTunes accounts get hacked. What is happening to Apple security??
Since many people tend to keep same login details across different platforms (facebook, twitter, etc.) it could also be a hacker getting creative with account details harvested for other purposes
I’m curious if there is some sort of common factor to these issues… are the victims all running a version of Windows or were some on Macs or Linux boxes? Did they fall for a “free $50.00 iTunes card or did they even get that phishing email? I use Windows, have an active iTunes account, and have not been hacked like this – obviously people have been so there IS an issue, one I somehow managed to dodge thus far.
Obviously Apple does need to do some more in depth checking and vetting of the the third party apps to make sure they are legitimate apps rather than some slimeball hacker’s attempt to extract money fraudulently. This also makes a very compelling argument about having a pretty stringent app approval policy, which brings me to another question – how many Android, Blackberry, and other smartphones users who have accounts at the respective have gotten hacked like this?
It is highly unlikely that my client was hacked or password guessed but still I was billed for 11 photo-something apps a song and two 50,- iTunes gifts. I am from Germany and the support totally sucks. I tried to correct the first case, tried to get somebody on the phone but while the support played dead or very stupid the 100,- gifts were created. All Apple could come up with was ‘deal with your credit card company/ bank’.
Never again Apple stuff! I am a computer scientist and know nothing is secure but the support realy deserves not using anything by Apple again.
Steve Jobs says that the formula they use to calculate how much money’s left in the credit card is totally wrong. The formula, in many instances, mistakenly makes you think that you have more money left in the account than you should for a given balance. A software fix is on the way though…
A fool and his money are soon parted. When you base your entire company off of selling technology to people that don’t know how to use it (“it just works!”), you will have a lot of fools being parted with their money.
Ignorant people will mess up their fancy computers regardless of what OS is on them, but you’ll be seeing a lot more of this with the false confidence that Apple gives its users in the security of their devices.
The hacking has been going on for some months (if not years) as you can see here:
http://garysaid.com/is-my-apple-itunes-account-hacked/
If you search for a post from “Matador” you can get also a plausible explanation (read it, it whorths!).
I have filed a IC complaint and an FBI Cyber Crime Division note.
My account turned to Chinese and they tried to download chinese written apps. Give them time: if Apple does not start taking countermeasures you will see apps in any language…
BTW, I have a Mac and I use very complex, random generated passwords.
Maybe some sporadic cases were due to keyloggers/weak passwords but I think this is a security flaw on Apple’ s side..
And finally the gift card that Apple sent to me to sweeten the sour of the hacking had been…hacked.
Unbelievable
PS
Some of you are right when they say “don’t link a credit card to your account”.
Well, in some iTunes shops around the globe you cannot create an account without linking it to a card. You can dissociate it from the card ASAP…
But I was lucky: having the SMS service active on my cards I am insured
against these scums
That guy created a Google App in Cydia I wonder if he had some kind of keylogger. If all these accounts are gmail then that’s how he got them.
Yes that app was really a keylogger my friend investigated the code and its a keylogger
Lol, so funny all these apple fanboys. Fair, enough, just about everyone gets hacked. It is just one of those things. This just goes to show how secure apple is. Just as secure as MS years ago. Being the biggest makes you a target and you will get hacked, no matter what.
But if apple is keeping such a close eye on the market and its walled garden, stuff like this should not happen. Please think apple is so secure, think again. They have never been targeted by hackers. If they grow, things will become clear.
How can it be phising? Who ever logs onto iTunes without going through iTunes app?
now is when all the ”you rly don’t have an itunes account? ¬¬ ” sounds just so funny.
You do know that “Thuat Nguyen” stands for “Naughty Tune” ?? ;)
;)
A way to deal with it would be to send you a confirmation email you must agree to before the purchase is made. But I bet they won’t do it because it will give the chance to impulsive buyers to have a buyers remorse. Plain and simple Apple does not care if you lost. They only care when they lose.
My account got hacked for $965. Whoever hacked it changed the email for recieving the receipts, I received one email and my debit card got declined thanks to my bank and their fraud/suspicious activity reporting. So I am sure they are doing this to a alot of other people and they don’t even know it yet.
My account was hacked as well, and the ‘email only’ support from Itunes has been truly shameful for a company such as Apple. A phone call to the ITunes customer service line found no one willing to help as they apparently outsource their billing. I was told the only way to communicate with that company is through email. Apple has thus far refused to assume any responsibility for the breach in their security, and my bank has forced me to close accounts etc before they will remove the charges.
It’s been a frustrating and perception changing event for us.
Absolutely, it is shameful that Apple hasn’t addressed this by having phone reps who are available to speak to AT THE VERY LEAST. A company with that type of resources and revenue…and we have to wait 24 hours for a reply, not knowing if our accounts are still compromised. SAD Apple, VERY SAD.
I’m a Service Delivery Manager at an IT company and if our service was this terrible, we’d be out of business.
I absolutely agree. Same issues here. It’s all “not our fault”. Although I agree that they may not have CAUSED the accounts to be hacked, they:
- enabled it by having weak processes
- they failed to act rapidly when learned about the hacks
- they did not notify customers that we had been hacked
- they would have kept their commission had we not disputed the charged with the banks – making them part of the fraud
- they made us do all the work to rectify
Where’s that class action?
The one click purchase is a dangerous feature of itunes and should be disabled.
I found out by accident that i had 9 iTunes purchases when I went to check my account balance online to verify that a deposit I made on Friday had been posted. Each charge totaled $40-$42. I cancelled my debit card associated with that account. I then called to cancel my iTunes account. This was July 3. During the time I was on hold – over 30 minutes, I had my account history on the screen and the last of the purchases posted showing that it was already July 4, 12:33 am wherever that asshole lived. At least iTunes sent me an email yesterday apologizing and telling me what should be done and that when my bank disputes the charges it
will not be a problem reversing them… We shall see.
Ridiculous. I can’t believe my bank would notice the strange transactions going on judging by movements on ONE account, whereas iTunes will not notice thousands of users spending like crazy all of a sudden. There should be a big red button in Apple headquarters to temporarily stop all sales in such case and redirect all users to an explanation page. I would rather not watch my movie tonight than lose $500, don’t you think? But wait, iTunes is making money off of all the transactions – that’s right…
@ Tom Davenport
Convinced now?
http://www.independent.co.uk/life-style/gadgets-and-tech/news/hundreds-of-apple-customers–fall-victim-to-hacker-in-app-scam-2019189.html
Lol honkj, Way to show us stupid PC users how intelligent the typical Mac Troll is. L2English
Just wait til all the Mac users buy enough Macs to make them %10 of the computers sold then they will all be hacked because of some simple flaw that Apple has know about but never patched. Oh yes the day will come. Make my words. Well that is if they ever get to 10%
Shhhhhhhhhhhhh … don’t take away their ignorant bliss. The evil-doers are already testing the waters.
“Oh yes the day will come. Make my words.”
Make my words? LOL. Sometimes foreigners who can’t speak English are pretty funny, I must admit…
The one click purchase is a dangerous feature of itunes and should be disabled.
Mine was compromised too, about $60 worth of Taiwanese Love songs.
This is so obvious .. this type of intrusion is called “Misfeasor: A legitimate user who accesses data, programs, or resources for which such access is not authorized, or who is authorized for such access but misuses his or her privileges” .. Kind regards
Where’s that class action?
I absolutely agree. Same issues here. It’s all “not our fault”. Although I agree that they may not have CAUSED the accounts to be hacked, they:
- enabled it by having weak processes
- they failed to act rapidly when learned about the hacks
- they did not notify customers that we had been hacked
- they would have kept their commission had we not disputed the charged with the banks – making them part of the fraud
- they made us do all the work to rectify
Where’s that class action?
after billions of safe transactions, a few people get whacked. its only a hint of the possibilities. something else is going to happen, i can feel it, in my bonz…
My account got hacked tooo! they did 5 transaction buy 154 dollar each transcation for some credits on a game app! wtf! and apple is not willing to do anything. What a bunch of twats.
I think apple should not be able to authorize any charges automatically and bill later. If they stop doing this the banks will then be able to deny the charges if there is not money in the account. Apple is making money by automatically authorizing the charges. I found out that someone tried to hack my account because when i tried to redownload apps to my Itouch they wanted to verify my credit card on file which they have already had for almost a year. That was a red flag. I have always been able to redownload apps with no charge or without asking to verify my info.
My account has been used to purchase over £700 worth of in game purchases for an app called Zombie farm. I have never installed this app or ebven heard of it prior to this happening.
Apple are completely useless, my bank will only refund me the money once they can confirm with Apple that the purchases are fraudulent, and thye bank want me to get contact information from somebody in Apple to verify it. 6 emails later, and i am sick and tired of replies that are obviosuly temapltes sent to everybody with the problem. All of which state “contact my bank”
Useless
We should file small claim against Apple for their issue, this is not ours. I have written letters to Steve Jobs with not written response only one of the worker bees who called for Steve, will not help or be customer friendly. One word Lawsuit.
I had my iTunes account hacked last week here in the UK and had 13 transactions totalling £350 taken from my bank account in amounts from £1.58 to over £60. I was digusted that I couldn’t speak to an actual person about this but only contact via email. The payments were not authorised by my bank but it took 2 days for the funds to become available again. I have since closed my account with iTunes.
Wow, and here it is a month later and I wake up to $175 removed not via the credit card on file with iTunes, that all of my legitimate purchases have been charged to for years and years, but rather via PayPal charges (five to be exact, in the amount of around $40 each). The fifth charge actually even came through WHILE I was on the phone with PayPal, trying to find out what was going on. Trying to find a number for Apple was fruitless, so went directly to PayPal.
They were able to determine that the charges actually came through an old billing agreement that was on file with Apple from 2006. I have not used direct debit for my iTunes account for years and years…it always comes to my credit card on file…even the purchase I made last month (my last legitimate one) WAS billed to that credit card! And, that credit card still showed as being on file with my iTunes account, when I logged in this morning. I have since removed it, of course. Once PayPal severed this old agreement, which is so old, I don’t even remember it, the charges stopped, but not before I was out all that money!
Apple better make this right or I am definitely on board for the whole class action idea. Heck, I will even track down a law firm and start it, if need be, if they aren’t stepping up to the plate on this.
There is NO WAY I am in any way responsible for this. I am diligent about passwords, since I work in an online sales industry I know how important it is to stay safe, and I use a password random generator that make for some mean passwords to crack. No, I am convinced that somehow someone was able to access my iTunes account because of this breach and do this. I have, of course, since changed the password using my password generator. Oh, and don’t even mention key logging…never happen. I have been Mac all the way since 1985 and I don’t type my passwords in anywhere. They are either copy/pasted from my password manager, or I log into websites via that manager, to keep them safe.
Im the latest victim…my Itunes store account got hacked yesterday and those fuc*&%$ have charged more than $2500 to my bank account/ credit card… Im so disgusted…Now Im running around making calls to my bank and paypal and itunes store to get my hard earned money back…. This is unbelievable. I was under the impression that itunes / apple would have some high levl of security for their customers…but i guess not…
The exact same thing happened to me last night, i havent used my itunes account in years then i woke up this morning and checked my email and there was 27 reciepts from paypal saying i purchase itunes apps…over $2000 worth!!!! how did this work out for you??
The computer we use for iTunes is a Mac, not Windows based. It is a laptop that we keep exclusively connected to our home sound system. The only time we ever use it online is when we are on the iTunes store. The other day, someone purchased $700 worth of apps from 1 am to 4 am. My credit card company called me the next morning. It’s interesting how they can identify fraudulent purchases but Apple cannot.
It took 3 days for someone to contact me after I submitted my claim. They basically accused me of second guessing my purchases. They also accused me of using a PC. They were wrong on both accounts. It’s interesting that Apple treats it’s customers like criminals with things like DRM, but they are unable to protect their customers from actual criminals.
My iTunes account was just hacked…$400 worth! I found this out almost a week ago, and am getting NOWHERE on getting my money back! The bank says to go to iTunes. iTunes tells me to go to Paypal. Paypal tells me to go to my bank. WTF??? I just want my money!!!
This is still going on. My account was charged 3600 dollars for World War Desert Edition honor points. Since I dont have an ipad or iphone I never figured I would get hit. I have a gen 3 nano. I have not logged into my account in over a year yet I was hit. Anyone can get hit and iTunes will do nothing about it
Yep, happened to me yesterday Oct. 16. They wiped out my store credit so don’t let them tell you gift cards are the safe way to go. I don’t have an iphone either. Sounds like itunes has a sticky mess they don’t want to talk about and don’t know how to fix.
This is shameful ir shocks because it is apple, big company hacked by a vietnamese dude.
http://www.jinnlife.com/85/affordable-android-tablet/
The usual idea is that you would use NFC to set up the link between the two devices and then do an automatic hand over to a different protocol for doing the actual transfer of data – eg Bluetooth,iphone 5
http://www.iphone-5-release.net | We Are The Top Source of Up To Date News, Information, and Rumors About the iPhone 5, iPhone 6. Our Team Updates You Hourly So You Are Always Informed.(http://iphone-5-release.net/)