None of my devices are jailbroken and it wasn't the devices that were compromised as they were all in my possession. They just managed to get into my itunes account most likely online.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
iTunes account hacked
- Thread starter nwlondonlad
- Start date
-
- Tags
- apps itunes two-factor
- Sort by reaction score
I was asking to see whether there were apps or music loaded from alternate sources beyond iTunes.
In September 225,000 accounts were hacked as a result of dodgy Chinese apps. Those devices were jailbroken.
http://money.cnn.com/2015/09/01/technology/apple-iphone-account-hack/
That's what I was trying to figure out. The vehicle.
In September 225,000 accounts were hacked as a result of dodgy Chinese apps. Those devices were jailbroken.
http://money.cnn.com/2015/09/01/technology/apple-iphone-account-hack/
That's what I was trying to figure out. The vehicle.
Just read through this thread based on a post on my facebook wall from Macrumors. Thankfully I've had 2 step enabled for quite a while now. It's a little more work and a few more steps as it asks for verification for any new device or os reinstall, purchase etc. but it seems to be well worth it. I did have a situation a while back that I had created a second account for testing because I was having issues with my main account (which have been resolved( but the new account password was changed and the account was no longer accessible, I thought it was hacked. The good news is apple had removed it because they thought it was fraud. well, if it had been I would have been grateful, since it wasn't i was annoyed. but, when in prospective i'm glad they do watch activity and do what they can to protect information for users.
Anyway to end the story my account has been fine through this day. I think i've had it since 2006 maybe a little befor, i'll have to check, but for this post it really doesn't matter.
Anyway to end the story my account has been fine through this day. I think i've had it since 2006 maybe a little befor, i'll have to check, but for this post it really doesn't matter.
Damn. I waited long enough to get asked other security questions and I still can't log in. I'm 100% sure I know the correct answers, but they don't work. I'll call tomorrow. :/ My account doesn't seem to be compromised in any way, neither is my credit card, but I can't answer the security questions correctly.
I had my itunes account hacked a few months ago also, they hacked in and changed my password then purchased some Shark game in-apps. When I eventually accessed my account, I noticed the secret questions had been entered as Chinese and they spent around £35, also deleted my payment card for some reason.
Managed to change everything back and create a new password, Apple also refunded my money and gave me 5 single downloads and 3 movie rentals for free
Managed to change everything back and create a new password, Apple also refunded my money and gave me 5 single downloads and 3 movie rentals for free
I had my itunes account hacked a few months ago also, they hacked in and changed my password then purchased some Shark game in-apps. When I eventually accessed my account, I noticed the secret questions had been entered as Chinese and they spent around £35, also deleted my payment card for some reason.
Managed to change everything back and create a new password, Apple also refunded my money and gave me 5 single downloads and 3 movie rentals for free
Lee, excatly word for word is what happened. Changed username and security questions came up in Chinese. I even translated it and it came up as what was your fav childhood book? I never choose this as a question.
They downloaded 2 fish like games and spent all the funds on in-app purchases
Finally decided to stop being lazy and enabled two-step after reading this.
One of the biggest issues with utilizing the Internet is security. It shouldn't be a shock to you that someone could hack you. Anything can be hacked. All that is needed is motivation, resources, tools, and a bit of knowledge.
Security is all about layers. If all a person has is a password protecting their personal information then it's easy to whip up a password cracker. If they happen to be savvy and create an uncrackable password then that's nothing a little social engineering can't fix.
Someone suggested implementing 2-step verification. I would take that advice. You should also think about having a secure no log VPN service that you can activate any time you are putting information such as user account details, credit card information, and security questions.
Keep all of the web browsers you use updated so any vulnerabilities can be patched up.
Be careful with your email. Don't click any links that you do not trust.
Hope this experience has helped to solidify the seriousness of putting security as a priority.
Did you receive any free movies or music downloads from Apple?
I know they don't need to provide you with this but it was was nice gesture from them
Did you receive any free movies or music downloads from Apple?
I know they don't need to provide you with this but it was was nice gesture from them
Nope nothing, at the time i was just trying to get the whole issue resolved
Just turned on 2 step, due to reading this. I've been receiving phishing emails from dirtbags posing as iTunes and Apple for months now, looking to get hold of my password and whatever info they can gather. Fortunately, I have never replied to any of these, since Apple would never ask for my password in an email. Hopefully no-one falls for that. I also do not attach a credit or debit card to my account. If you had to I'd suggest using a over the counter Visa/MC with a set amount. Usually, I just apply iTunes cards to the account. Much safer.
I received this email on Christmas Day. Funny thing is the only 4S I ever owned is now in my sister's possession. After reading this thread I promptly enabled 2 Step Authentication.
Happened to me a year ago. I changed it and it was changed almost immediately. I had to create an email address I ONLY use for my apple id and nothing else. I created also a recovery email and a very complicated password and wen to two step verification. It was a pain. It seemed like an old apple-id hack that apple claims they fixed. I don't believe them.
I had 2 step on but I turned it off after months of constantly badgering me for passwords on all my devices everyday.
This thread is very timely for me. I've been using two step verification for some time but yesterday when I put my password in to buy an app, it didn't work and I had to reset it, which, after putting in my recovery code I did. No money was lost from the account and I thought it strange that my old password didn't work, but now perhaps there was an attempt at hacking. In any event, I'm glad I have two-step verification, even if it is a bit of a pain now and then.
There are any multitude of ways that an Apple ID can be hacked.
Whether's it was an easy password, using a kiosk or public computer, your own computer that got infected with virus or malware, whatever...just makes sense to use 2FA or other protocols to make things more secure.
Otherwise, you may repent later on.
Whether's it was an easy password, using a kiosk or public computer, your own computer that got infected with virus or malware, whatever...just makes sense to use 2FA or other protocols to make things more secure.
Otherwise, you may repent later on.
Apple offered me £50 compensation but jez the terms and conditions are crazy
* You can't use to purchase apps or digital content
* You can't buy gift cards
*You cant use for apple watch or apple watch accessories
*You can't use as part payment for an Apple product over £50
* You can't use to purchase apps or digital content
* You can't buy gift cards
*You cant use for apple watch or apple watch accessories
*You can't use as part payment for an Apple product over £50
Based on this thread I was going to go in and setup 2 factor. I don't remember ever setting up the security questions and the first thing it did when I tried to setup 2 factor was ask me those questions. The questions it asked were not ones I would have chosen... at least on of them "What was your least favorite car?" and the questions that I do use didn't accept the answers I commonly use No signs the account was hacked, but the questions were screwed up.
I went to contact support and discovered that all the devices that it listed were mostly old devices. There were 6 newer iPhones, iPads, and an Apple Watch that weren't listed. Forgot that this has to be manually added. So I added my 6s Plus and then was able to get to someone on the phone in about 2 minutes. Because I was logged in, and on my Mac, she was able to do two quick things with my account and device to verify I was me and then she reset the questions. The whole thing took about 5 minutes. It is making me wait to setup 2 factor for a while for a couple of days. I received an email to that effect, so if your account is hacked I'd think you'd be getting emails as the process si going on. I got several from just what I changed.
I setup my own system for recording things like security questions and passwords a number of years ago. One of these days I will take a closer look at some of the commercial products available for this, but my system is working well.
This thread should be a good reminder that you need to develop a discipline to keep accurate records about all your accounts, including security question answers.
This thread should be a good reminder that you need to develop a discipline to keep accurate records about all your accounts, including security question answers.
Yeah takes a few days for 2 step to be enabled if you had to make a rest to your security questions. The good thing is once 2 step is enabled it replaces the security questions so it will never prompt you for those again
Yup, waited three days, got a notification I can enable two-step, enabled it. Still no idea how answers to my security questions managed to change.
Nowadays the question should be 'what do I *not* need two factor enabled for?' For me it's enabled for everything even remotely important. Only not enabled for truly trivial accounts. I've come to expect it, and disappointed when it's not available.