Tuesday, September 29, 2009

Hacked Off

I'm in Paypal / iTunes hell.

On my birthday someone made over $160 of unauthorized charges by purchasing music on iTunes. It was paid using my PayPal account, which I use as the default payment for iTunes.

Apparently there's a well-known glitch in iTunes security that allows hackers to use someone's birthday to hack their password. It's happened to more than just me.

PayPal denies that these 4 charges ($40, 40, 40 and $20) were unauthorized. iTunes refuses to talk to anyone but PayPal about it, and PayPal refuses to talk to anyone because the cases are closed. They closed them the same day they opened them, by the way. Way to do some intensive forensic research, PayPal...

It seems that once a hacker knows a victim's birthday, they can hack in and change the security questions in an iTunes/Apple account, and then all hell breaks loose. It's been documented online by folks whose accounts were hacked AND security questions were changed, but from what I can see, Apple is still denying it's a problem.

I love Apple. Love my Mac, love my iPod touch, love how they enhance my life. I do NOT love the runaround I'm getting on this. This was DEFINITELY not a case of my PayPal account being hacked, or someone hacking into my computer - it's an iTunes problem.

PayPal is - as usual - not a lot of fun to deal with, but the problem is definitely on Apple's end. I did hope, however, for more protection from PayPal.


Anyone else have a similar iTunes story? I'd love to collect them and publicize them as much as possible.

The only phone number I was given by Apple (ostensibly for their fraud department) was a message-only line giving a fax number for Law Enforcement, not for "ordinary" customers.

Is filing a police report my next step? Does anyone know if there's a class action on this? I'm thinking there must be a LOT of folks affected by Apple's lack of security.
posted by Annie at

18 Comments:

Anonymous Anonymous said...

Coincidence that a new iTunes was pushed out today?

September 29, 2009 1:10 PM  
Anonymous elaine said...

You should send this story to consumerist.com - they seem to be good about finding others in similar situations and contact info for executive e-mail letter bombs.

September 29, 2009 1:30 PM  
Blogger Nicole said...

Happy Birthday, but that STINKS!

Thanks for the heads up... I never even THOUGHT this could happen. UGH.

September 29, 2009 1:35 PM  
Blogger E to the M said...

That sucks. When I had some PayPal issues I wrote a statement, had it signed by a notary and sent it certified mail to PayPal and the other company. They picked up the pace after that. You could also ask the Attorney General's office to send a letter on your behalf. I know the one in Vermont has a Consumer Assistance Program and in my experience a business responds very quickly to a letter from them.

Good luck and happy late birthday.

September 29, 2009 2:06 PM  
Blogger Gina Black said...

I wouldn't be surprised if you have to file a police report to get any action. Isn't that what makes it an official crime?

Good luck!

September 29, 2009 2:07 PM  
Anonymous Ann (yet another) said...

Annie, check here - http://www.slate.com/id/2154994/-
this was the secret to getting a human a few years ago, give it a try - Tim at Slate probably would have edited it if it had changed.

Also, if it came off your credit card - as opposed to PayPal funds - dispute it on your credit card.

September 29, 2009 3:43 PM  
Anonymous Donna said...

I'm a bit surprised about PayPal. I've had them be quite responsive when I bought something on eBay & the seller never sent the item. And I know that some SAHM who have cloth diapering online stores have had money reclaimed by PayPal when someone alleged non-receipt of items. But maybe it's because these were individuals in small at-home businesses. They might be afraid to do it to Apple. You didn't say if the money came from your bank account or a credit card but I would contact the source of the payment (bank or credit card company) & protest the charges with them as well as following the above suggestions.

September 29, 2009 3:46 PM  
Anonymous Ann (yet another) said...

Or try
http://www.gethuman.com/customer-service/Apple_74.html

September 29, 2009 3:47 PM  
Blogger Debra said...

I had a Paypal "phishing" problem (which I later learned had happened to lots of folks). Paypal would not let me close my account. I searched on the internet and found some names of Board members and then sent a detailed email and signed it with my Esq. appendage. Lo and behold the next day I was able to close the account.
Your problem is with both companies because neither one is helping you.

September 29, 2009 4:15 PM  
Blogger Mercuria said...

Looks like filing a police report may be the way to go:

http://forums.macrumors.com/showpost.php?p=7478797&postcount=48

Apple might actually pay attention at that point. Good luck dealing with all of this. Please let us know how it goes.

September 29, 2009 4:18 PM  
Blogger evie said...

Annie - I would be concerned about identity fraud on a big scale. What if these hackers have found a way to access your social security number? You might want to do a fraud alert at one or more of the credit reporting agencies and make it harder for the hackers to set up accounts in your name.

What a crappy birthday present. I just deleted my credit card info from my iTunes account. I'd rather have to put it in every time I buy.

I hope you get some resolution soon.

September 29, 2009 10:21 PM  
Anonymous danielle said...

Thanks for posting your experience. I haven't had it yet, but like Evie, I just deleted my credit card info. I hope things work out.

Here in MN, you can also try filing with the State Attorney General.

September 30, 2009 9:32 AM  
Blogger Margaret said...

I'm sorry to hear you got hit by this. It's especially unfair that this exploit means it was an unwelcome birthday present!

Even though the initial problem may be on Apple's end, PayPal's refusal to acknowledge this as a (possible) crime is a serious problem. If this had happened with a credit card linked through your iTunes account, it would be a simple matter of picking up the phone and disputing the charges. That makes it the credit card company's problem, and they are motivated to solve the problem for you (because of US laws that protect the consumer, it's their money that was stolen). PayPal is not a credit card company, nor a bank, so the consumer protections are much more limited.

This is why I do not have a PayPal account. Too many people I know have lost lots of money because there is no tight regulation of PayPal. It's a great tool for moving money around internationally, but if I can possibly use a credit card, I do.

I know this won't help you, Annie, but I put it out there as a warning for those who view their PayPal account like a credit or debit card. It ain't. And I'm hoping that this security hole gets fixed on Apple's end.

September 30, 2009 9:54 AM  
Anonymous knitoneTX said...

I had a similar problem with iTunes and PayPal, but I had used my credit card. We had ordered items using PayPal, and then someone used my credit card to make purchases at iTunes. Since it was the only time we had used the new card, it was easy to track. Our bank took care of it and we got all the money back.

September 30, 2009 10:21 AM  
Blogger Deborah said...

I would call the bank, credit card company and the police. It is a theft and/or unauthorized use. PayPal was involved in and lost a huge lawsuit about 3 years ago and supposedly changed these kinds of problems. I am sorry to hear they still have these kinds of problems.

September 30, 2009 3:41 PM  
Anonymous Sarah said...

Annie-

Sorry to hear you had such a crappy birthday present. I use Paypal but I've never used it for purchasing on iTunes. I buy iTunes gift cards and redeem those so that I don't have to use my credit cards or Paypal. Hope this helps for future purchases! Happy Birthday.....

October 01, 2009 9:47 AM  
Anonymous Ryan, Ann Arbor said...

The Federal Trade Commission bills itself as the "nation's consumer protection agency."

www.ftc.gov/bcp/

Here's info about filing an identity theft report.

http://www.ftc.gov/bcp/edu/microsites/idtheft/consumers/know-before-filling.html

October 01, 2009 5:23 PM  
OpenID redsilvia said...

I too just got hacked 10/10 on iTunes. I have $250 in downloads for Chinese pop and "hot asian chicks" content. It all happened while I was working an all-night flight (I'm a flight attendant), so clearly it wasn't me :-)

I set all my network options to off and removed the payment info from the "my account" section. I assume you've already done this (as the horse has left the barn) but those seem to be the only remedies Apple gave me.

Off to fight for my money back now!

October 15, 2009 9:53 AM  
