I've been HACKED (iTunes)

Check our new Geekzone Price Comparison web site for electronics prices in New Zealand.

Forums › Apple iOS › I've been HACKED (iTunes)

1 | 2

nzkiwiman

406 posts

Ultimate Geek

Reply # 746849 18-Jan-2013 13:34
ubergeeknz: How are you sure they didn't figure out your password? Is it very, very strong? I am not sure, and no password is very very strong. I can't even find an answer to how many incorrect attempts you get at your password before it need to be reset.

SaltyNZ

2097 posts

Uber Geek

Trusted

Subscriber

Reply # 746852 18-Jan-2013 13:39
nzkiwiman: ubergeeknz: How are you sure they didn't figure out your password? Is it very, very strong? I am not sure, and no password is very very strong. I can't even find an answer to how many incorrect attempts you get at your password before it need to be reset. They may have got in via another service. A tech journo -- for Ars Technica, I think? -- got hacked about 6 months back by social engineering through Amazon, to get the details needed to social engineer Apple, and from there carried on to basically wipe him out. I'll try to find the link. Edit -- Wired, not Ars. iPad + iPhone 4S + 2degrees 3G data 4tw! These comments are my own and do not represent the opinions of 2degrees.

dolsen

622 posts

Ultimate Geek

Subscriber

Reply # 746885 18-Jan-2013 14:23
alasta: I used to work for a major domain name registrar and we used to frequently get waves of credit card fraud where overseas scammers would use stolen cards to register useless domain names (e.g. 'abcqwexyz.com'). You have to wonder why. . Perhaps a higher level crock getting domains for their infected machines to report back to?

dclegg

922 posts

Ultimate Geek

Trusted

Reply # 746888 18-Jan-2013 14:27
SaltyNZ: They may have got in via another service. A tech journo -- for Ars Technica, I think? -- got hacked about 6 months back by social engineering through Amazon, to get the details needed to social engineer Apple, and from there carried on to basically wipe him out. I'll try to find the link. Edit -- Wired, not Ars. Wow, thats a very scary, and eye opening read. Thanks for the link, Salty.

naggyman

510 posts

Ultimate Geek

Reply # 746897 18-Jan-2013 15:07
The saddest thing is that they used the Apple ID to wipe the person's iPhone, iPad, iMac and Macbook. All possible copies were wiped. I feel so sad for him. The Naggyman! http://naggyman.wordpress.com

nzkiwiman

406 posts

Ultimate Geek

Reply # 746898 18-Jan-2013 15:07
Interesting link I only have one iDevice (the iPod) and the password before the hack was unique.

Kyanar

1939 posts

Uber Geek

Trusted

Subscriber

Reply # 746916 18-Jan-2013 15:42
nzkiwiman: ubergeeknz: How are you sure they didn't figure out your password? Is it very, very strong? I am not sure, and no password is very very strong. I can't even find an answer to how many incorrect attempts you get at your password before it need to be reset. According to this KB article, they do lock your account after several failed password attempts. I think I've seen this before and it was three that triggered it.

alasta

2302 posts

Uber Geek

Trusted

Subscriber

Reply # 746976 18-Jan-2013 16:57
dolsen: alasta: I used to work for a major domain name registrar and we used to frequently get waves of credit card fraud where overseas scammers would use stolen cards to register useless domain names (e.g. 'abcqwexyz.com'). You have to wonder why. . Perhaps a higher level crock getting domains for their infected machines to report back to? Good thought, although as far as I recall the vast majority never set up DNS - they just left the domains parked on our servers.

da5id

372 posts

Ultimate Geek

Reply # 747295 19-Jan-2013 11:19
I somehow got hacked late last year but not via iTunes. The bank rang me up and said they'd noticed suspicious activity on my credit card, and had I purchased things at 1am that morning etc. I said no. It seemed like someone had used by credit card to purchase Skype credits - only it was meant to look like Skype but wasn't really. The bank (ASB) was very helpful and rang me every couple of days giving me updates. They said that although the purchase had been made they were waiting for it to go through (or not), and if it did they would send me some kind of reimbursement form etc. In the end it never went through, or else they reimbursed me, as the money was restored to my account. In the end (just to make sure) I bought and installed Zemana anti-logger. Just an extra point to make - one time I paid online for my vehicle registration via the VTNZ website. They use some plugin called POLi, which is a kind of interface between the bank and VTNZ which supposedly is not secure. I read a warning message on the ASB website saying not to use POLi as they spoof or mirror the original bank site to make it look like the actual bank site (when they are not). They have stopped spoofing the look now but ASB still warns against it. https://www.asb.co.nz/story24389.aspx

nzkiwiman

406 posts

Ultimate Geek

Reply # 748265 21-Jan-2013 15:50
Well, got home from work on Friday and found an email from Apple. They had re-created my account (and after double checking they mean the credit card) with the amount charged, and then blocked my account again until I removed some saved data and then contacted another team to re-enable my account. I think my account is mine, have changed the password 3 times over the weekend just in case. Have lost the 98 cents store credit I had but I can't be bothered going back through and contacting them.

khull

634 posts

Ultimate Geek

Reply # 748290 21-Jan-2013 16:41
I know of close friends who got hacked and they were using strong passwords, seems like the way they got compromised was through social engineering and entering their iTunes credentials somehow.

1 | 2