My Apple iTunes account was hacked into recently. I know this because I received an email like this from Apple:
Your Apple ID, XXXXXXXXXXX, was just used to make a purchase in Island Empire from the App Store on a computer or device that had not previously been associated with that Apple ID.
As soon as I received the warning email, I reset my password, but by then, the hacker had already drained my account. I then went in search of an Apple hotline or email address that would let me immediately solve the issue. I filled out the contact form here, then waited (Apple has removed this form already and now redirects you to “express lane” instead).
I received a reply within 1 day that asked me to reset my password, so I reset my password again.
Then, I received an email receipt where Apple had reimbursed me for the $16.22 that had been stolen.
I was very happy with the reimbursement and the time-frame of resolving this problem was speedy in my mind. The only issue that I still have is all of my unanswered questions. I still want to know how this happened and I still want to know how to prevent it from happening again. No other aspect of my online life has been compromised in any way. No other accounts were hacked. No other programs or apps had issues. Only iTunes. So what gives?
Well, if you can’t get answers directly from Apple, then maybe Google can turn up something. It does… here is an entire 40+ page Apple Discussion Thread on the topic.
Over 40 pages' worth of people wondering about the same thing. There were multiple people per page and that’s only one of the several discussion threads on Apple’s own site. This let me know that it’s not just me and my account that is having this issue. It’s a widespread problem. Apple was actually very timely and diligent about refunding and handling the hacking issue (kudos for that), but the universal complaints running through the discussion thread are “how did this happen?” and “how can I prevent this from happening again?”. This is where Apple dropped the ball. Maybe they don’t know what happened or maybe they don’t know how to fix the problem yet. Whatever the reason is, the answers haven’t been forthcoming.
Is there a potential fix to this?
When I put on my programmer hat (yes, I have a hat for that, complete with propeller) and think about the current pattern of the problem, I see one glaring trend. In every case I read about, the hacker used a device that “has not been previously associated with this account”. Now, I don’t claim to know the back-end programming of iTunes, but it seems like after people first set up their account and attach a device or two, it really doesn’t change that often. I mean, how many times per month or per year do you add new devices? I haven’t added a new device in over a year. Even if you bought the latest device every year in order to upgrade and also purchased a new device or computer in addition to that every year, you are still looking at only 2-3 changes per year. That’s not a lot of changes in programming terms.
If there was a way to simply lock down your account to specific devices, then you would be throwing another roadblock in the way of a hacker. No, I don’t think any online system is hackproof, that’s just the nature of the internet. But if your company is encouraging people to directly link their credit cards to your system, then security needs to be an incredibly high priority.
I was lucky. My account was created using gift cards only. I have never attached a credit card to my account. The best a hacker can do is take me for the amount on the latest gift card. I saw several people who had actually attached their credit card and got taken for a lot more. I have personally called people I know who have an iTunes account and told them to switch to gift cards. You can limit your liability by limiting the amount of money on your account. This lesson can apply to ANY internet account.
I have no plans on dropping my account or switching to anything else. Apple products and services work for me and my lifestyle. They reimbursed me for what was stolen and my password has been reset, but I have no way of knowing if this can happen again tomorrow. I have no assurance that my account, my information or my money is safe. That’s a tough pill to swallow.
Apple is being extremely quiet about being hacked, but at some point, they are going to have to be transparent about how they are fixing the problem or they are going to lose people’s trust, and that’s worse than being hacked.
Have you had a similar experience with your iTunes account? Leave a comment below and tell me about it.