It all started with a few e-mails. A bunch of receipts for $50 iTunes purchases. When I first saw them, I assumed they were phishing attempts. A lot of phishers will use fake receipts that contain links to lure people to fake websites for acquiring passwords. I looked at the source of the e-mail and it looked legit, so I went on iTunes and discovered that my account was hacked.
There were several $50 purchases that use a feature called “Itunes allowances” which allow people to give others iTunes credit. The allowances were sent to a bunch of Yahoo! china e-mail addresses. Needless to say, I was pretty shocked. My password security is pretty good, and I’m very careful about what I do on the Internet.
So after finding out I was hacked, the first thing I wanted to do was call Apple. Want to actually call Apple about something? You’re shit out of luck. The only way to contact Apple about iTunes fraud is to send them an e-mail, and don’t expect a timely response. It took 12 hours to get a reply. Apple doesn’t really handle fraud at all. They tell you to contest the charge with your credit card issuer or Paypal. I was shocked at how poorly Apple handled the situation, which I guess is why scammers are using iTunes as a platform for exploitation.
My Apple account was tied to my Paypal account. Apple forces iPhone owners to have some form of billing setup, even if you don’t actually buy anything from Apple. I had my Apple account linked to my Paypal account. The eight $50 charges went to Paypal, so I contacted Paypal too.
I have to give Paypal some credit, someone called my cell within 10 minutes of me filing the fraud compliant. Paypal will be sending me a refund. However, the refund process takes 10-15 days! Paypal instantly withdrew $400 from my bank account, but it takes them over 10 days to issue me a refund. Oh, and here is the best part. The refund is sent to my Paypal balance! Then I need another 3-5 days to transfer the money back to my bank account.
How did my itunes account get hacked? I’m not sure. My computers are all secure, but I did reuse the Itunes password on several different other websites. It was a password that I used on quite a few Internet forums. My best guess is some forum site got hacked, and thats how my e-mail/password was grabbed. Thats my best guess. My security questions are too tough for anyone to guess, and while Apple is completely inept when it comes to security, I can’t imagine anyone brute forcing my iTunes password.