I've been HACKED (iTunes)

Forums › Apple iOS and devices › I've been HACKED (iTunes)

1 | 2

nzkiwiman

1628 posts

Uber Geek
+1 received by user: 127

Reply # 746849 18-Jan-2013 13:34

ubergeeknz: How are you sure they didn't figure out your password? Is it very, very strong?

I am not sure, and no password is very very strong.
I can't even find an answer to how many incorrect attempts you get at your password before it need to be reset.

SaltyNZ

3828 posts

Uber Geek
+1 received by user: 1422

Trusted

Subscriber

Reply # 746852 18-Jan-2013 13:39

nzkiwiman:
ubergeeknz: How are you sure they didn't figure out your password? Is it very, very strong?

I am not sure, and no password is very very strong.
I can't even find an answer to how many incorrect attempts you get at your password before it need to be reset.

They may have got in via another service. A tech journo -- for Ars Technica, I think? -- got hacked about 6 months back by social engineering through Amazon, to get the details needed to social engineer Apple, and from there carried on to basically wipe him out. I'll try to find the link.

Edit -- Wired, not Ars.

iPad Air + iPhone SE + 2degrees 4tw!

These comments are my own and do not represent the opinions of 2degrees.

dolsen

1079 posts

Uber Geek
+1 received by user: 107

Trusted

Subscriber

Reply # 746885 18-Jan-2013 14:23

alasta: I used to work for a major domain name registrar and we used to frequently get waves of credit card fraud where overseas scammers would use stolen cards to register useless domain names (e.g. 'abcqwexyz.com'). You have to wonder why.
.

Perhaps a higher level crock getting domains for their infected machines to report back to?

dclegg

2414 posts

Uber Geek
+1 received by user: 461

Trusted

Reply # 746888 18-Jan-2013 14:27

SaltyNZ:
They may have got in via another service. A tech journo -- for Ars Technica, I think? -- got hacked about 6 months back by social engineering through Amazon, to get the details needed to social engineer Apple, and from there carried on to basically wipe him out. I'll try to find the link.

Edit -- Wired, not Ars.

Wow, thats a very scary, and eye opening read. Thanks for the link, Salty.

naggyman

672 posts

Ultimate Geek
+1 received by user: 79

Subscriber

Reply # 746897 18-Jan-2013 15:07

The saddest thing is that they used the Apple ID to wipe the person's iPhone, iPad, iMac and Macbook. All possible copies were wiped. I feel so sad for him.

Morgan French-Stagg

morgan.french.net.nz

nzkiwiman

1628 posts

Uber Geek
+1 received by user: 127

Reply # 746898 18-Jan-2013 15:07

Interesting link

I only have one iDevice (the iPod) and the password before the hack was unique.

Kyanar

2917 posts

Uber Geek
+1 received by user: 414

Trusted

Subscriber

Reply # 746916 18-Jan-2013 15:42

nzkiwiman:
ubergeeknz: How are you sure they didn't figure out your password? Is it very, very strong?

I am not sure, and no password is very very strong.
I can't even find an answer to how many incorrect attempts you get at your password before it need to be reset.

According to this KB article, they do lock your account after several failed password attempts. I think I've seen this before and it was three that triggered it.

alasta

3576 posts

Uber Geek
+1 received by user: 497

Trusted

Subscriber

Reply # 746976 18-Jan-2013 16:57

dolsen:
alasta: I used to work for a major domain name registrar and we used to frequently get waves of credit card fraud where overseas scammers would use stolen cards to register useless domain names (e.g. 'abcqwexyz.com'). You have to wonder why.
.

Perhaps a higher level crock getting domains for their infected machines to report back to?

Good thought, although as far as I recall the vast majority never set up DNS - they just left the domains parked on our servers.

da5id

418 posts

Ultimate Geek
+1 received by user: 34

Reply # 747295 19-Jan-2013 11:19

I somehow got hacked late last year but not via iTunes.
The bank rang me up and said they'd noticed suspicious activity on my credit card, and had I purchased things at 1am that morning etc. I said no. It seemed like someone had used by credit card to purchase Skype credits - only it was meant to look like Skype but wasn't really.

The bank (ASB) was very helpful and rang me every couple of days giving me updates. They said that although the purchase had been made they were waiting for it to go through (or not), and if it did they would send me some kind of reimbursement form etc.

In the end it never went through, or else they reimbursed me, as the money was restored to my account.

In the end (just to make sure) I bought and installed Zemana anti-logger.

Just an extra point to make - one time I paid online for my vehicle registration via the VTNZ website. They use some plugin called POLi, which is a kind of interface between the bank and VTNZ which supposedly is not secure. I read a warning message on the ASB website saying not to use POLi as they spoof or mirror the original bank site to make it look like the actual bank site (when they are not). They have stopped spoofing the look now but ASB still warns against it.

https://www.asb.co.nz/story24389.aspx

nzkiwiman

1628 posts

Uber Geek
+1 received by user: 127

Reply # 748265 21-Jan-2013 15:50

Well, got home from work on Friday and found an email from Apple.
They had re-created my account (and after double checking they mean the credit card) with the amount charged, and then blocked my account again until I removed some saved data and then contacted another team to re-enable my account.

I think my account is mine, have changed the password 3 times over the weekend just in case.
Have lost the 98 cents store credit I had but I can't be bothered going back through and contacting them.

khull

1241 posts

Uber Geek
+1 received by user: 134

Reply # 748290 21-Jan-2013 16:41

I know of close friends who got hacked and they were using strong passwords, seems like the way they got compromised was through social engineering and entering their iTunes credentials somehow.

nzkiwiman

1628 posts

Uber Geek
+1 received by user: 127

Reply # 913488 11-Oct-2013 10:11

Been a while (I was looking through some of my old posts looking for something else and saw this)
A few months ago I was looking at iTunes and noticed I had $124.99 credit on my account.

This happens to be the amount of the in-app purchase that my account (but not credit card) was used for.

So did Apple refund me in store credit even though the purchase was done on a credit card, or is the 'credit' not actually credit?

Being an Android user and only having an old iPod my need to purchase apps on iOS is greatly reduced. Sadly it doesn't seem like you can gift app purchases otherwise my father would get a few gifts this year for Xmas

Goosey

1214 posts

Uber Geek
+1 received by user: 64

Subscriber

Reply # 913501 11-Oct-2013 10:22

is the same credit avalible from the itunes store? I assume itunes store and the app store are using the same account login details etc !

nzkiwiman

1628 posts

Uber Geek
+1 received by user: 127

Reply # 913519 11-Oct-2013 10:39

iTunes and the App store are in sync showing the same amount of credit

Goosey

1214 posts

Uber Geek
+1 received by user: 64

Subscriber

Reply # 913528 11-Oct-2013 10:50

nzkiwiman: iTunes and the App store are in sync showing the same amount of credit

and theres the answer... plenty of music, videos and books? on itunes to buy then !
you know you can download to PC right? then sync your andriod device using the itunes playlist (my sony xperia pc software lets me do this... im sure your phones pc software will offer similar).

edit: im running my xperia pc software on mac and pc.

1 | 2