Hacked!

Yesterday was NOT a happy day. It was supposed to be a good day, but wasn’t.

Hubby had to work, and Little Grump had a Girl Scout function.  So I was really looking forward to spending some quality time on me.  I don’t do that often, and I really can’t remember the last time that I had some quality me-time.  So I was really looking forward to it.  (Selfish, I know… But sometimes sanity is preserved by being a little “selfish” from time to time.)

Unfortunately, I didn’t get to do that. Instead, I spent the day on the phone with Apple and then my bank.

Last weekend, I tried to log into my Apple Store account.  Hubby told me that I could purchase a software package for my birthday, and I’d finally made up my mind which one I really wanted.  Unfortunately, when I went to log in, I was told that my user id and/or password were wrong.

I assumed at first that the problem was related to a recent Snow Leopard upgrade on my MacBook Pro.  I was really busy at work all week, but finally on Friday, I had a chance to check from the computers at work.  Same problem.  When I tried to recover my password, I got a really strange “unrecognized error”.  I also tried my iTunes account and got the same error.

Saturday was busy, so on Sunday, I decided to get serious about the problem.  It was a very good thing I did.  At first, Apple Support told me that the problem was that my password was wrong.  After several email exchanges, I finally had given them enough proof for my account for them to reset my password.  When I received the new password (along with the email address for the account), I knew right away something was seriously wrong.  The email address was unknown to me (and part of a domain registered in China).

When I logged into iTunes, I had all of the confirmation of problems that I needed. My birth date had been changed, the challenge question had been changed, and about $600 worth of games for the iPod Touch and iPhone had been purchased through iTunes.

I don’t now nor have I ever owned one of those devices.

I quickly contacted Apple again.  Their response?  You’d think that it would be alarm, indignation, protective feelings over their customer, or something like that.  Right?  Wrong!  They said that there was nothing they could do and that they would only hand over information about the transactions to my bank if I opened an investigation through the bank.

I did indeed call my bank.   I was surprised to find that mine was the fourth call the rep had received yesterday with very similar issues.  It seems that there is a ring of scumbags out there that is hacking into iTunes accounts, changing the contact information to lock out the rightful owners, and then selling the account information to whoever wants to pay for it.

My bank (thank God for them!) is crediting my account back the money that was lost to these jerks.  But until then, all of my accounts are getting new cards issued.  God only knows how far these thieves got with my other information.

After getting off the phone with the bank, I did some investigation.  If you search for “iTunes hack” on Google, you’ll find lots of similar stories.  This has been going on for some time, and Apple knows about it, but doesn’t seem to care.  If they did, they would change their set-up so that a notification message is sent to the old email address when an email address and challenge information is changed.  Or they would put some controls on their system to prevent or verify that someone really intended to purchase hundreds of dollars worth of material in one day.  Or check to see if it makes sense that the credit card belongs to an American address but the email address is from China.  Or ANYTHING.

My interpretation of Apple’s actions is that they could care less who purchased items through iTunes.  They have their money, and they’d actually lose money if they refunded the cost of the purchase.

Hubby doubts that Apple will do anything about it until the banks start leaning on Apple to fix things.  He also doubts that the banks will actually do that.  Unfortunately, I tend to agree.  To us, $600 is a whole bunch of money (!!!!!), but to the bank, it’s a drop in the bucket.  If it would take the bank and its collectors more than a few hours to track down, nail, and prosecute the lowlifes that do this kind of thing, they probably find it more cost-effective to just refund the customer and move on.  This is especially true when the perpetrators are outside US jurisdiction.

If there’s anything of value to be gained in this, it’s that hopefully others can learn from my mistake.  When iTunes offers to allow you to store your information, just say “No!”  They can’t be trusted to protect it or to pursue those who abuse the information.

5 thoughts on “Hacked!

  1. Julia

    As awful as it is, thanks for sharing your story. I’m going to let my sister know about the problem.

    “When iTunes offers to allow you to store your information, just say “No!” They can’t be trusted to protect it or to pursue those who abuse the information.”

    Very well said.

  2. Pingback: One bad Apple can spoil a whole day « Bookgrump

Leave a Reply

Your email address will not be published. Required fields are marked *