Insecure iTunes Credit

Though I hate to write this, I’ve lost a little faith in Apple, and with the world. Of course, a lot will depend on how they resolve this issue.

Yesterday, Apple sent me an email telling me that a new device had downloaded an app to an iPad from a location that appeared in Chinese (or possibly another Asian language). I checked my iTunes account, and indeed, 6 purchases had been made: one for a free app, and 5 in-app purchases, totaling 93¢ less than the amount of store credit that I had left from a gift card. I contacted Apple, and after a couple of email exchanges, they agreed to refund most of my money, minus the sales tax. I questioned them about this, and so far they haven’t issued the credit for any of the purchases. I trust they will, but perhaps they are checking up on the sales tax issue. It has been less than 24 hours since I discovered the problem. Apple was quick to respond, even working past the hours the tech support agent listed in his email.

I haven’t been phished. I am certain of that. I haven’t bought any apps other than ones from the App Store that I believe are reputable. And I’m not losing my mind… well, at least this can’t be seen as evidence that I am. According to this Macworld article, this has been going on since 2010, and hundreds of people have reported similar issues.

What should you do?

Before you read further, go to Apple and change your password to a more secure one. It may not stop this from happening to you, but it might help (see that article link below for at least one instance of someone with a very secure password who had this happen).

Then, watch your iTunes account, and do check if Apple ever sends you a message about a new device you aren’t aware of. Don’t leave iTunes credit on your account. For safety’s sake, I may not keep a credit card on file in my account — at least not until I’m reassured that they can’t get at this information (mine was wiped out but hasn’t been used — I’m calling my bank, though).

I’ve had my bank card number stolen and unauthorized charges were made. The bank refunded those charges and issued me a new card. It’s sad, but that may be the cost of doing business in an electronic age. There’s no telling where they got the number (gas station, restaurant, online purchase, etc.). My bank was very good about security then, and as long as Apple stands behind its iTunes Store credit, I won’t complain. Now that I know it’s an issue, though, I’ll wait until I know what I want to purchase before I load credit into my account, and then I’ll spend it as soon as possible.

So far, no one seems to know how hackers are getting into iTunes accounts. It seems to be only accounts that have store credit, though it’s unclear why. There have been a few reports of other abuses — credit card or PayPal information being used — and many have had their address changed or credit card information wiped out. But it all seems to start with store credit, so I’m planning to keep mine low until I hear that this problem has been solved.

2 responses to this post.

  1. Posted by Kendall Dunkelberg on January 19, 2012 at 11:28 am

    Here’s the first In-App Purchase that was made on my account. Wouldn’t you think this was a little strange? The others were all to the same game. The detail comes from my iTunes Store receipt.

    胡莱三国 for iPad, 2499钻 Hoolai Game Ltd In-App Purchase


  2. Posted by Kendall Dunkelberg on January 19, 2012 at 6:28 pm

    Follow-up: Apple has restored my iTunes credit (including the sales tax) and after I notified them that there was a suspicious app in my downloads, customer support deleted it for me. So ultimately, Apple has done what it should to resolve the situation. They haven’t said anything about how it could have happened or what they are doing to prevent it from happening in the future. I didn’t really expect that they would, but it would be nice if they could. Now it’s time to use that credit before it gets stolen again.
