Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

nwlondonlad

macrumors 65816
Original poster
Sep 20, 2007
1,015
729
UK London
I'm curious as to how it originally happened. Is it a jail broken device?
None of my devices are jailbroken and it wasn't the devices that were compromised as they were all in my possession. They just managed to get into my itunes account most likely online.
 

yaboyac29

macrumors 6502a
Sep 24, 2014
651
468
I've had my iTunes account since 2007 and do not remember any of my security questions. It won't let me enable 2 step unless I call them. Will do it next week.
 

MacinMan

macrumors 65816
Jan 27, 2011
1,373
778
Denham Springs, LA
Just read through this thread based on a post on my facebook wall from Macrumors. Thankfully I've had 2 step enabled for quite a while now. It's a little more work and a few more steps as it asks for verification for any new device or os reinstall, purchase etc. but it seems to be well worth it. I did have a situation a while back that I had created a second account for testing because I was having issues with my main account (which have been resolved( but the new account password was changed and the account was no longer accessible, I thought it was hacked. The good news is apple had removed it because they thought it was fraud. well, if it had been I would have been grateful, since it wasn't i was annoyed. but, when in prospective i'm glad they do watch activity and do what they can to protect information for users.

Anyway to end the story my account has been fine through this day. I think i've had it since 2006 maybe a little befor, i'll have to check, but for this post it really doesn't matter.
 

navaira

macrumors 68040
May 28, 2015
3,932
5,161
Amsterdam, Netherlands
Damn. I waited long enough to get asked other security questions and I still can't log in. I'm 100% sure I know the correct answers, but they don't work. I'll call tomorrow. :/ My account doesn't seem to be compromised in any way, neither is my credit card, but I can't answer the security questions correctly.
 

leebroath

macrumors 65816
Jul 26, 2010
1,357
950
Scotland
I had my itunes account hacked a few months ago also, they hacked in and changed my password then purchased some Shark game in-apps. When I eventually accessed my account, I noticed the secret questions had been entered as Chinese and they spent around £35, also deleted my payment card for some reason.

Managed to change everything back and create a new password, Apple also refunded my money and gave me 5 single downloads and 3 movie rentals for free :)
 

nwlondonlad

macrumors 65816
Original poster
Sep 20, 2007
1,015
729
UK London
I had my itunes account hacked a few months ago also, they hacked in and changed my password then purchased some Shark game in-apps. When I eventually accessed my account, I noticed the secret questions had been entered as Chinese and they spent around £35, also deleted my payment card for some reason.

Managed to change everything back and create a new password, Apple also refunded my money and gave me 5 single downloads and 3 movie rentals for free :)

Lee, excatly word for word is what happened. Changed username and security questions came up in Chinese. I even translated it and it came up as what was your fav childhood book? I never choose this as a question.

They downloaded 2 fish like games and spent all the funds on in-app purchases
 
  • Like
Reactions: leebroath

penandtester

macrumors newbie
Jan 3, 2016
1
0
USA
Yep that part should be fine, i'm just shocked how someone can actually hack into my iTunes account and then change it to their own. Its almost like someone broke into your home and changed the locks so you can't even get in let alone see what damage has been done.

Did Apple refund you on any credit that was used?

One of the biggest issues with utilizing the Internet is security. It shouldn't be a shock to you that someone could hack you. Anything can be hacked. All that is needed is motivation, resources, tools, and a bit of knowledge.

Security is all about layers. If all a person has is a password protecting their personal information then it's easy to whip up a password cracker. If they happen to be savvy and create an uncrackable password then that's nothing a little social engineering can't fix.

Someone suggested implementing 2-step verification. I would take that advice. You should also think about having a secure no log VPN service that you can activate any time you are putting information such as user account details, credit card information, and security questions.

Keep all of the web browsers you use updated so any vulnerabilities can be patched up.

Be careful with your email. Don't click any links that you do not trust.

Hope this experience has helped to solidify the seriousness of putting security as a priority.
 

leebroath

macrumors 65816
Jul 26, 2010
1,357
950
Scotland
Lee, excatly word for word is what happened. Changed username and security questions came up in Chinese. I even translated it and it came up as what was your fav childhood book? I never choose this as a question.

They downloaded 2 fish like games and spent all the funds on in-app purchases

Did you receive any free movies or music downloads from Apple?

I know they don't need to provide you with this but it was was nice gesture from them :)
 

RootBeerMan

macrumors 65816
Jan 3, 2016
1,475
5,270
Just turned on 2 step, due to reading this. I've been receiving phishing emails from dirtbags posing as iTunes and Apple for months now, looking to get hold of my password and whatever info they can gather. Fortunately, I have never replied to any of these, since Apple would never ask for my password in an email. Hopefully no-one falls for that. I also do not attach a credit or debit card to my account. If you had to I'd suggest using a over the counter Visa/MC with a set amount. Usually, I just apply iTunes cards to the account. Much safer.
 

AaronE

macrumors 6502
Dec 31, 2006
393
78
North Carolina
I received this email on Christmas Day. Funny thing is the only 4S I ever owned is now in my sister's possession. After reading this thread I promptly enabled 2 Step Authentication.

Untitled-1.jpg
 

algengler

macrumors newbie
Feb 17, 2010
11
2
tennessee
Happened to me a year ago. I changed it and it was changed almost immediately. I had to create an email address I ONLY use for my apple id and nothing else. I created also a recovery email and a very complicated password and wen to two step verification. It was a pain. It seemed like an old apple-id hack that apple claims they fixed. I don't believe them.
 

Carmenia83

macrumors 6502
Feb 25, 2012
375
499
I had 2 step on but I turned it off after months of constantly badgering me for passwords on all my devices everyday.
 

Minivanmom

macrumors newbie
Nov 19, 2015
4
1
Northeast, USA
This thread is very timely for me. I've been using two step verification for some time but yesterday when I put my password in to buy an app, it didn't work and I had to reset it, which, after putting in my recovery code I did. No money was lost from the account and I thought it strange that my old password didn't work, but now perhaps there was an attempt at hacking. In any event, I'm glad I have two-step verification, even if it is a bit of a pain now and then.
 
  • Like
Reactions: arn

bufffilm

Suspended
May 3, 2011
4,227
2,536
There are any multitude of ways that an Apple ID can be hacked.

Whether's it was an easy password, using a kiosk or public computer, your own computer that got infected with virus or malware, whatever...just makes sense to use 2FA or other protocols to make things more secure.

Otherwise, you may repent later on.
 

nwlondonlad

macrumors 65816
Original poster
Sep 20, 2007
1,015
729
UK London
Apple offered me £50 compensation but jez the terms and conditions are crazy

* You can't use to purchase apps or digital content
* You can't buy gift cards
*You cant use for apple watch or apple watch accessories
*You can't use as part payment for an Apple product over £50
 

convergent

macrumors 68040
May 6, 2008
3,034
3,083
Damn. I waited long enough to get asked other security questions and I still can't log in. I'm 100% sure I know the correct answers, but they don't work. I'll call tomorrow. :/ My account doesn't seem to be compromised in any way, neither is my credit card, but I can't answer the security questions correctly.


Based on this thread I was going to go in and setup 2 factor. I don't remember ever setting up the security questions and the first thing it did when I tried to setup 2 factor was ask me those questions. The questions it asked were not ones I would have chosen... at least on of them "What was your least favorite car?" and the questions that I do use didn't accept the answers I commonly use No signs the account was hacked, but the questions were screwed up.

I went to contact support and discovered that all the devices that it listed were mostly old devices. There were 6 newer iPhones, iPads, and an Apple Watch that weren't listed. Forgot that this has to be manually added. So I added my 6s Plus and then was able to get to someone on the phone in about 2 minutes. Because I was logged in, and on my Mac, she was able to do two quick things with my account and device to verify I was me and then she reset the questions. The whole thing took about 5 minutes. It is making me wait to setup 2 factor for a while for a couple of days. I received an email to that effect, so if your account is hacked I'd think you'd be getting emails as the process si going on. I got several from just what I changed.
 
  • Like
Reactions: navaira

Boyd01

Moderator
Staff member
Feb 21, 2012
7,947
4,879
New Jersey Pine Barrens
I setup my own system for recording things like security questions and passwords a number of years ago. One of these days I will take a closer look at some of the commercial products available for this, but my system is working well.

This thread should be a good reminder that you need to develop a discipline to keep accurate records about all your accounts, including security question answers.
 

nwlondonlad

macrumors 65816
Original poster
Sep 20, 2007
1,015
729
UK London
Based on this thread I was going to go in and setup 2 factor. I don't remember ever setting up the security questions and the first thing it did when I tried to setup 2 factor was ask me those questions. The questions it asked were not ones I would have chosen... at least on of them "What was your least favorite car?" and the questions that I do use didn't accept the answers I commonly use No signs the account was hacked, but the questions were screwed up.

I went to contact support and discovered that all the devices that it listed were mostly old devices. There were 6 newer iPhones, iPads, and an Apple Watch that weren't listed. Forgot that this has to be manually added. So I added my 6s Plus and then was able to get to someone on the phone in about 2 minutes. Because I was logged in, and on my Mac, she was able to do two quick things with my account and device to verify I was me and then she reset the questions. The whole thing took about 5 minutes. It is making me wait to setup 2 factor for a while for a couple of days. I received an email to that effect, so if your account is hacked I'd think you'd be getting emails as the process si going on. I got several from just what I changed.

Yeah takes a few days for 2 step to be enabled if you had to make a rest to your security questions. The good thing is once 2 step is enabled it replaces the security questions so it will never prompt you for those again
 

Paco II

macrumors 68020
Sep 13, 2009
2,288
706
Nowadays the question should be 'what do I *not* need two factor enabled for?' For me it's enabled for everything even remotely important. Only not enabled for truly trivial accounts. I've come to expect it, and disappointed when it's not available.

Finally decided to stop being lazy and enabled two-step after reading this.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.