Have you been iTunes hacked?

Forums › Off topic › Have you been iTunes hacked?

1gkar

722 posts

Ultimate Geek

#64090 7-Jul-2010 20:45

Having watched tonight's edition of Fairgo, where it showed the problems Apple are having with their iTunes' customer's accounts being hacked, & their cards being maxed out, I am wondering the best way to solve this issue long term.

I have since gone online & removed my credit card details, & will do this after every purchase from now on. BUT, what a hassle, not to mention the issue with having to remember to do this everytime.

I personally prefer to use a third party hold ing account, like Paypal. But can you imagine Apple allowing this type of purchasing transaction? As far as I am concerned, it should be a mandatory option for any online purchasing account, especially given their pathethic treatment of the guy involved (& many others, I assume) in the article.

What are your ideas & thoughts on the matter.

Silverstone LC14 HTPC Case/Intel E4600 CPU/GA-EP35-DS3 MOBO/Asus EN9500GT graphics/2GB RAM/total 2TB HDD space/HVR-2200 & 2X 150MCE tuner cards/LG GGC-H20L BD Drive/MCE2005/Mediaportal/TVServer 1.1.0Final/LG 55"3D LED-TV/Denon AVR-1803 receiver/X1 projector

1 | 2

19282 posts

Uber Geek
Inactive user

#348849 7-Jul-2010 20:49

Is the issue with itunes though or is it end user education?

1gkar

722 posts

Ultimate Geek

#348856 7-Jul-2010 21:01

johnr: Is the issue with itunes though or is it end user education?

How do you mean? If someone downloads the iTunes software, installs it, & configures their credit card details in their account setup, what other education is required? This is supposed to be a safe, & secure software.

Unless the people are being duped by phishing sites, etc. According to the article, this was someone who has used Apple software for sometime. One thing I did notice, was it showed the person using his notebook on the side of the road. Can sensitive information, like passwords, be intercepted using wifi? Don't know as I've never used wifi myself.

Chippo

129 posts

Master Geek

Trusted

#348863 7-Jul-2010 21:25

Use a good password manager and have unique passwords for everything. Without your iTunes password this attack wouldn't have worked. If you have to go look it up before giving it someone, you're probably going to double think what you're doing.

First step if you suspect any type of misuse, call the bank. Second, change your passwords. The case they talked about on Fair Go sounded like he let it continue for a week, it didn't occur to him to change his password? This would have stopped the transactions immediately!

If you use the same password for every day forums and blogs that you do for iTunes (or Paypal, or xbox or any other online service which saves your CC details) you may as well be sign writing your credit card details on the side of your car. There's been enough education now that you shouldn't be using "password12" on every site on the internet, then still complain when someone "Hacks" you.

I work for a global Data Protection Software company - But my opinions are my own.

ZollyMonsta

3009 posts

Uber Geek

ID Verified

Trusted

#349067 8-Jul-2010 13:10

http://www.nzherald.co.nz/technology/news/article.cfm?c_id=5&objectid=10657292

"Apple locks down iTunes after app fraud episode"

Interesting. So this change (requiring the CV number off card for each purchase request) could help stamp out what happened to the guy on Fair Go.

Check out my LPFM Radio Station at www.thecheese.co.nz - Now on iHeart Radio, TuneIn and Radio Garden

As per the usual std disclaimer.. "All thoughts typed here are my own."

josephhinvest

1543 posts

Uber Geek

ID Verified

Trusted

#349071 8-Jul-2010 13:25

... it showed the problems Apple are having with their iTunes' customer's accounts being hacked, & their cards being maxed out

Hmm. There's no evidence his account was "hacked".
Using a weak password, or a weak security question that can be easily guessed (Sarah Palin email etc) does not count as being hacked! Responding to a phishing email, this too is not being hacked.

I like the bit in Fair Go when they go to Magnum Mac, and then Renaissance, and they are all amazed that they cannot answer questions about the iTunes store. Hint: Magnum Mac and Renaissance are NOT Apple!.
Also, emailing Steve Jobs (this does actually work sometimes) and not getting a reply back straight away, is hardly surprising.

Also, Fair Go, I like what you do, but that story was so full of fluff and dross, it was almost unwatchable!

Cheers,
Joseph.

heavenlywild

5049 posts

Uber Geek

Trusted

#349072 8-Jul-2010 13:33

We really need a new form of password for all of our accounts. Rather than having 100s of passwords, usernames etc, maybe it's time to use finger reader technology?

Buying a Tesla? Use my Tesla referral link and we both get discounts and credits.

geekiegeek

2513 posts

Uber Geek
Inactive user

#349074 8-Jul-2010 13:56

or perhaps a barcode on the forehead that can be read by a webcam ;-)

Backblaze

Backblaze Unlimited Backup. World’s easiest cloud backup. Get peace of mind knowing your files are backed up securely in the cloud (affiliate link).

robbyp

1199 posts

Uber Geek

#349076 8-Jul-2010 13:58

jofizz:
... it showed the problems Apple are having with their iTunes' customer's accounts being hacked, & their cards being maxed out

Hmm. There's no evidence his account was "hacked".
Using a weak password, or a weak security question that can be easily guessed (Sarah Palin email etc) does not count as being hacked! Responding to a phishing email, this too is not being hacked.

I like the bit in Fair Go when they go to Magnum Mac, and then Renaissance, and they are all amazed that they cannot answer questions about the iTunes store. Hint: Magnum Mac and Renaissance are NOT Apple!.
Also, emailing Steve Jobs (this does actually work sometimes) and not getting a reply back straight away, is hardly surprising.

Also, Fair Go, I like what you do, but that story was so full of fluff and dross, it was almost unwatchable!

Cheers,
Joseph.

Plus aren't Magnum Mac, and Renaissance the same company anyway, or at least MM is owned by R.

heavenlywild

5049 posts

Uber Geek

Trusted

#349080 8-Jul-2010 14:00

geekiegeek: or perhaps a barcode on the forehead that can be read by a webcam ;-)

Or verify via DNA. Wait, then again we don't want people to start licking their monitors, haha.

Buying a Tesla? Use my Tesla referral link and we both get discounts and credits.

josephhinvest

1543 posts

Uber Geek

ID Verified

Trusted

#349082 8-Jul-2010 14:03

Further to last comment, please ignore the ranting nature of this post...

I like Fair Go, but they are clearly biased on side of the consumer (this is fair enough, unless you distort the facts).

From the Fair Go story "If you google "iTunes account hacked" you will find 1.45 million results."
I googled "iTunes account hacked" (without quotes, at Google.com, not Google.co.nz) and I get 1.6 million results.
However, if I Google "iTunes account security" again without the quotes, there are 2.2M results,
and if I Google "iTunes account monkeys", again without the quotes, there are 1.9M results. Does this mean millions of monkeys have iTunes accounts?
Also Google search results are NOT "entries" they are "results" and many, many are duplicated.

Fair Go, you need to learn about search engine syntax, refer Google Search Basics

If you google "iTunes account hacked" WITH the quotes, there's around 111,000 hits.

"But we couldn't find anyone in New Zealand from Apple who could discuss iTunes…"
This is unsurprising as there ISN'T anyone in New Zealand from Apple. Period. Renaissance are a Licenced Distribitor, and service provider etc, but they are certainly NOT Apple. Renaissance have no more information about the inner workings of the iTunes music store than anyone else that sells Apple products.

"We think Josh might have fallen victim to a phishing email someone posing as Apple. This means he has been asked to change his password....watch out for those."

This should be a much bigger part of the story! It's dealt with in two sentences, but could quite possibly be the whole story.

Also, regarding the dross and fluff in the story…

"One of its program developers is barred from iTunes for fraudulent activity".
Is this a bad thing they were caught?

More than 30 seconds spent showing what kind of music he played at his "90's party". Get on with the story!!!

Also describing purchasing music "You go online, you pick your favourite music, you put in your credit card details, hey presto, instant music". This suggests you can "casually" buy music from iTunes, but this is not correct, you have to create an account. WITH A PASSWORD.

Josh Bridgman - the "hacked" customer.
"As far as I was concerned, it was Apple's security that failed, I thought they were a pretty safe company to go with…"
Refer Fair Go's OWN COMMENT that he may have been phished.

The "Confessions of an Apple Addict" part of the story. Shadowed faces etc etc, what a crock. A whole minute of this!

"Our man Josh was a follower, until hackers pinched eight hundred dollars, and Apple didn't want to know".

"Hackers"... "Pinched"... it's emotive language, but it doesn't necessarily reflect the facts.

Anyway, end of rant.

Cheers,
Joseph.

josephhinvest

1543 posts

Uber Geek

ID Verified

Trusted

#349083 8-Jul-2010 14:03

Plus aren't Magnum Mac, and Renaissance the same company anyway, or at least MM is owned by R.

Yep, this is correct.

josephhinvest

1543 posts

Uber Geek

ID Verified

Trusted

#349087 8-Jul-2010 14:14

ZollyMonsta: http://www.nzherald.co.nz/technology/news/article.cfm?c_id=5&objectid=10657292

"Apple locks down iTunes after app fraud episode"

Interesting. So this change (requiring the CV number off card for each purchase request) could help stamp out what happened to the guy on Fair Go.

From the article, the critical sentence...

"Apple said users of the hugely popular online store would be asked to make more frequent entries of the CCV code on their credit cards when making purchases or accessing iTunes from a new computer."

Emphasis mine.
From a new computer, presumably this means a newly authorized machine, one that has not previously accessed the iTunes store before. This seems like a sensible precaution, but it's hardly "locking down". Also it does not state for each purchase, but just "more frequent"

Cheers,
Joseph.

robbyp

1199 posts

Uber Geek

#349092 8-Jul-2010 14:31

jofizz:
ZollyMonsta: http://www.nzherald.co.nz/technology/news/article.cfm?c_id=5&objectid=10657292

"Apple locks down iTunes after app fraud episode"

Interesting. So this change (requiring the CV number off card for each purchase request) could help stamp out what happened to the guy on Fair Go.

From the article, the critical sentence...

"Apple said users of the hugely popular online store would be asked to make more frequent entries of the CCV code on their credit cards when making purchases or accessing iTunes from a new computer."

Emphasis mine.
From a new computer, presumably this means a newly authorized machine, one that has not previously accessed the iTunes store before. This seems like a sensible precaution, but it's hardly "locking down". Also it does not state for each purchase, but just "more frequent"

Cheers,
Joseph.

It is not legal for Apple to store the CCV code in any form, as per the credit card companies rules, so that would make sense.

Byrned

455 posts

Ultimate Geek

#349093 8-Jul-2010 14:32

I used to be an avid watcher of Fair Go, but lately I find there stories far too sensationalist. Rather than focusing on what needs the most attention, they're now going for what's going to get the best headlines, all for better ratings.

Poor Kevin Milne must be rolling in his grave, and the poor guy hasn't even left the show!

robbyp

1199 posts

Uber Geek

#349094 8-Jul-2010 14:37

Byrned: I used to be an avid watcher of Fair Go, but lately I find there stories far too sensationalist. Rather than focusing on what needs the most attention, they're now going for what's going to get the best headlines, all for better ratings.

Poor Kevin Milne must be rolling in his grave, and the poor guy hasn't even left the show!

I find the stories boring and dumbed down this year. The story about the earrings was the most boring story I have seen, and was almost an advertorial for the warehouse. The guy who purchased them clearly made an error, and 'assumed' something, rather than check.

1 | 2