iTunes user has account hacked, loses access to his own purchases

Spare a thought for iTunes user Peter Bilderback. His account was hacked and someone downloaded almost a $1000 worth of items from the iTunes store using his account. Bad stuff, but it happens. Bilderback wonders why Apple did not query the purchase of iPhone apps, when it knew that he had no iPhone – you would have thought that Apple’s closed system would be ideal for this scenario at least – but never mind, the credit card company spotted the suspicious activity and disputed the charges with Apple.

This is where it gets really nasty. Apple closed the compromised iTunes account and de-authorised all his purchases – not only the ones the fraudster grabbed, but everything he had bought over a period of 6 years:

When I contacted Apple about what happened they were totally unhelpful. Now they seem to have closed my iTunes account entirely, and I can no longer access any of the protected AAC music files, television shows or movies that I “purchased” from iTunes in the past. They are as good as gone. iTunes customer service does not respond to my emails inquiring about how to get my account reactivated. I cannot get through to anyone via phone, I just get a message directing me to their customer service website, and I can’t really use that because as far as Apple is concerned, I don’t have an account with them anymore.

With such a clear-cut case, you would think that Bilderback would eventually recover his purchases, but he says the incident “has been going on for three months now with no resolution in sight”.

The case highlights the difference between the old world of buying physical media like a CD, which comes with a transferable licence for personal use, and the new one where you download the media and buy a licence that is more restrictive, sometimes combined with technical content protection that further limits how you can enjoy your purchase.

That said, much iTunes content is not DRM-protected so presumably Bilderback can still get access to that.

The other aspect of this story is about customer service. It is a common story: individual versus large corporate entity, and the difficulty in getting through to anyone with both the willingness to listen and the power to do anything about a problem.

I guess he could try emailing Steve Jobs? Sometimes you get a reply.

19 thoughts on “iTunes user has account hacked, loses access to his own purchases”

  1. Hi Tim,

    Thanks for your good wishes. Just to confirm, I do still have access to the non-DRM music tracks (iTunes plus). Because I have so few tracks with DRM, and I didn’t really care about the videos, I decided not to take the issue any further. I gave up. I know if I had pushed this up to the corporate level I probably could have gotten a resolution, but I didn’t want to waste my time. I’m not going to fight with Apple for the privilege of continuing to buy from the iTunes store, there are other companies that are happy to have my business (eMusic, Amazon, etc.). The experience did make me glad that I had not decided to purchase large amounts of video through iTunes, because all of those are still DRM protected, so buyer beware.

    A couple years ago I took the issue of disabling Flash within Quicktime to the corporate level at Apple, and while the person I dealt with was very friendly, obviously there was no resolution on that issue. I had created many Flash animations that were incorporated into Keynote slide shows, and after an OS upgrade they would no longer play. I eventually developed a work-around for this problem, although the results are not as good as native Flash playback. I intuited at the time the the decision to disable Flash was related to a larger corporate struggle between Apple and Adobe, and likely related to the iPhone. The Apple rep told me Flash was disabled because of security concerns, but I didn’t buy that. Unfortunately, I have since learned that iTunes is likely a bigger security risk than Flash.


    Pete Bilderback

  2. Wow that’s pretty unfortunate. But at least the man didn’t have to pay the $1000, right? That would seriously suck.

  3. My account was hacked last week and somebody went on a shopping spree of 900 bucks. I’ll make sure I save my music as all this process happens

  4. My account was just hacked. It looks like someone in the far east likes porno. I have gotten two illegitimate iTunes receipts so far.

  5. My account was hacked on June 9th +10th and Apple has been totally useless in helping. You can only email in. I am thinking of sucking up the fee just to get into a phone that is not made my AAPL.

  6. I was hacked June 16th and spent all day yesterday trying to get help! No one. Just e-mail and no answer yet. Mine was changed by [redacted]. Why does Apple make you have Itunes and then won’t help when this happens. I can’t get into my account at all.

  7. Mine was hacked on June 27th for around $200. Apple refuses to help via a live person. They only will accept an email which they won’t reply to. They state you’ll get a response in 24 hours. Its been over 48hours and nothing. Worse yet you can’t use itunes until you pay for the last fraudulent purchase that my CC declined. What a joke! Goodbye Apple. You suck!

  8. “Mine was hacked on June 27th for around $200. Apple refuses to help via a live person. They only will accept an email which they won’t reply to. They state you’ll get a response in 24 hours. Its been over 48hours and nothing. Worse yet you can’t use itunes until you pay for the last fraudulent purchase that my CC declined. What a joke! Goodbye Apple. You suck!”

    Exact same thing happened to me this morning. Now I can’t update any of my apps (or buy new ones) unless I pay for the bogus purchases.

  9. I just noticed two Itunes receipts in my email account that are not mine. I’m guessing I got hacked as well. Seems that Apple isn’t so wonderful as their magnificent encryption and security have dreadful holes. Based on the dates of the postings on this page, it’s a busy time for someone. They did three purchases totaling $85, all video games. I wanted to contact Apple so they would “get right on this”, thinking they cared that customer accounts were getting hijacked. But from everyone else’s comments, seems like Apple couldn’t care less. Apple’s glory days are over as far as I’m concerned. You tick off your customer base and they magically go away.

  10. Thanks all for the reports. I’d love to know the follow-up too. How long did Apple take to resolve the problem, or is it still unresolved?


  11. Still unresolved…
    Look here, HUNDREDS of people
    There is also a possible explanation for the mechanism of the hacking (latest posts…).
    I strongly suspect that some time ago there should have been a breaching into iTunes security that has compromised thousands of accounts that now can be used by the hackers when needed…

  12. Landed here after searching to see if anyone has had a similar problem. I caught two pending transactions while a third had already posted, all for about $156. In each purchase, beginning on 6-30 and ending 7-1 (when I caught them), the item purchased was Storm8LLC’s World War game app. Afterwards, in-app purchases of “2700 Honor Points” were made. Honor…kinda ironic, that. My bank killed the card and they’ve launched an investigation, but of course while all this is pending those monies are not available to me. After logging into my iTunes account, removing any CC info and updating my log-in info, I contacted the shameful Apple support. Their response was to send me a meaningless form letter and deactivate my account, informing me that I have to jump through some hoops if I want to try to have it reactivated. Sigh.

  13. I know how all of you feel. I just caught $510 dollars worth of downloads from my account. In the 20 minutes that I had available to me before Apple “Disabled my ID for security reasons”, I was able to see a third computer authorized to my account. I only have a laptop and a desktop authorized. I was able to talk to someone at apple about my account and they “raised the level of concern” on this issue. When I called back after having my CC closed and reporting those transactions fraudulent, I tried to get ahold of someone at the fraud department to help me with something the bank wanted. Long story short, after an hour and a half time in my life I can’t get back, six different representatives, and my favorite of all time, three different offices I had to call in three different countries, I still have no resolution to my problem. (The last person finally told me that I was wasting my time trying to talk to someone about being hacked and the charges against my CC. The fraud department only sends emails to people and they will not give out thier phone number.) I have finally recieved my “Do not reply to this email” email and i’m hoping I get the “we fixed your issue” email soon. Until then, I’m out 500 bucks. So sad!

  14. This happened to me this morning. I called the corporate number for Apple in Cupertino, California and was transferred to Canada, but the woman actually sounded Irish to me, but whatever. They did refund the amount stolen from my gift card balance, and my credit card has expired (yeah!!!) so $39 was all they could get.

    BUT — THIS IS SCARY: The hackers changed my password as well AND “deauthorized” all of my computers, just like OP. I wrote a certified letter to Steve Jobs today, and let’s see what pile of smoke they blow my way. California has a disclosure law, and I believe Apple should be living up to that (Civil Code 1798.80)

  15. This is still happening people. My account was hacked on Monday afternoon (16th) and by Wednesday morning (18th) they had charged over $700 through my Paypal account. The last purchase I made on iTunes was in early 2008 and I paid with Paypal. Apparently when using Paypal with iTunes after the first purchase, you don’t have to sign in next time to Paypal to authorize a payment, it’s automatic! Paypal says I will get my money back and I’m still waiting.

  16. Yes, it is still happening. My account was hacked for a total of $4800 for purchases of World War and iMobsters by Storm8 LLC. I have neither of those apps. It has been over 72 hours and still no response from Apple. Its been a financial nightmare for me dealing with Paypal and my bank. Thankfully, everything is all locked down now but I’m still locked out of my iTunes account.

  17. I’ve purchases hundreds of Dollars of itune Music. Itunes and QuickTime have become corrupt and I can neither upgrade, un-install, re-install or run iTunes or any iTunes related product – tired different things for several months. It always says they are on a server that I cannot access. I cannot even convert the music into a format to be used in Windows Media Player. I cannot put it into Real Player because it requires QuickTime to work. I called iTunes but they hang up on the recorder saying they donot support iTunes. I tried an online email and it disconnected me. What now? All my music money wasted?

  18. My account has recently been hacked, also with iMobsters by Storm8 LLC. It was a total of 1000$ until my bank pulled the plug. Apple responded actually quite quickly and the case was resolved in under 3 days.
    What baffles me is, that people hack iTunes Accounts and steal money just to cheat in a game …

Comments are closed.