
Has iTunes Been Hacked?

Soulskill posted more than 3 years ago | from the missony-loves-company dept.

Security 191

An anonymous reader writes "Betanews has a series of articles talking about an apparent hack in iTunes that has resulted in fraudulent charges for some users involving Sega's Kingdom Conquest game. The reports start with a personal account from reporter Ed Oswald, who was a victim of the hack itself. The next story adds reports from readers, and the most recent story adds additional reports, with Oswald saying the number of reports received are in the 'dozens.' Apple has yet to confirm the existence of a hack, although reports have appeared on Sega's own support forums, Apple discussion boards, and through other news outlets."

191 comments

Reminds Me of Something the Sony CEO Said ... (3, Interesting)

eldavojohn (898314) | more than 3 years ago | (#36358664)

I recall Stringer saying a lot of stupid crap but when criticized for the delay in his notification of a breach [escapistmagazine.com] he said something quite memorable to me:

"This was an unprecedented situation," he said. "Most of these breaches go unreported by companies."

At first I thought this was just to spread generalized fear, take a cheap swipe at their competition or even shift attention to something else, but it appears we'll get to see how pervasive this becomes. Perhaps he wasn't completely full of lies ...

Re:Reminds Me of Something the Sony CEO Said ... (1)

jhoegl (638955) | more than 3 years ago | (#36358678)

I don't think this is a "breach", it looks more like a social engineering turned trojan/keylogger.
Dear Apple users,

enjoy.

Re:Reminds Me of Something the Sony CEO Said ... (5, Funny)

obarthelemy (160321) | more than 3 years ago | (#36358840)

can't be: there are no viruses on Apple. Go ask your local Genius !

Re:Reminds Me of Something the Sony CEO Said ... (0)

wvmarle (1070040) | more than 3 years ago | (#36358918)

No-one was talking about viruses here. Of course everyone knows there are no viruses on Apple's platform, it's preposterous to even suggest the idea of viruses on Apple's platform. However Apple's users are certainly prone to social engineering. Or are there products really as great as they say they are?

Re:Reminds Me of Something the Sony CEO Said ... (1)

vajorie (1307049) | more than 3 years ago | (#36358952)

Or are there products really as great as they say they are?

I take you mean users when you say products? ;)

Re:Reminds Me of Something the Sony CEO Said ... (-1, Troll)

Anonymous Coward | more than 3 years ago | (#36359328)

Q: Were Niggers hacked?

A: No. You see, there are no Niggers on the Internet.

Re:Reminds Me of Something the Sony CEO Said ... (0)

gmhowell (26755) | more than 3 years ago | (#36359566)

Q: Were Niggers hacked?

A: No. You see, there are no Niggers on the Internet.

No women either.

Re:Reminds Me of Something the Sony CEO Said ... (-1)

Anonymous Coward | more than 3 years ago | (#36359098)

Why the hell are you vomiting this sad and proven wrong meme?

Re:Reminds Me of Something the Sony CEO Said ... (4, Funny)

gmhowell (26755) | more than 3 years ago | (#36359564)

However Apple's users are certainly prone to social engineering.

Of course I'm prone to social engineering. Why else would I have an iMac. And a MacBook. Two iPods. One iPhone (and two iPods and an iPhone for my kid.)
 

Re:Reminds Me of Something the Sony CEO Said ... (4, Interesting)

Sprouticus (1503545) | more than 3 years ago | (#36358870)

Half a dozen years ago, I worked at a company that got hacked due to a web vulnerability. The hackers simply used our storage to store German porn. But it was still a hack. And it went unreported. It was determined that there was no value in reporting the hack since it would affect stock value.

I am betting that the VAST majority of hacks never get reported for this exact reason.

Re:Reminds Me of Something the Sony CEO Said ... (4, Interesting)

wvmarle (1070040) | more than 3 years ago | (#36358928)

So you closed the vulnerability and kept the stash?

Re:Reminds Me of Something the Sony CEO Said ... (5, Funny)

pipedwho (1174327) | more than 3 years ago | (#36359224)

So you closed the vulnerability and kept the stash?

Close the vulnerability? Don't be daft man! That sounds like the kind of automatic update that is best left enabled.

Re:Reminds Me of Something the Sony CEO Said ... (2)

MobileTatsu-NJG (946591) | more than 3 years ago | (#36359264)

No, he accepted more porn as payment for their services.

Re:Reminds Me of Something the Sony CEO Said ... (1)

Penguinisto (415985) | more than 3 years ago | (#36359404)

Posting to destroy a mod gone wrong... my bad.

(stupid 2.0...)

Re:Reminds Me of Something the Sony CEO Said ... (1)

Anonymous Coward | more than 3 years ago | (#36359468)

I knew a guy who ran network ops at a local university. They had an anonymous FTP server that was constantly being tagged and used as a drop point. He had no problem as long as nothing was being encrypted. If the content was encrypted, he felt he was being ripped off and deleted it.

Re:Reminds Me of Something the Sony CEO Said ... (4, Insightful)

rAiNsT0rm (877553) | more than 3 years ago | (#36359000)

I've worked in IT security for a long time and for banks... The sheer number of unreported hacks at banks and at retail stores would blow your mind. People mistakenly get angry at the hackers (which is how the media has trained most everyone to think) when in reality it is almost always gross negligence on the hack-ee side and they deserve the ire.

Re:Reminds Me of Something the Sony CEO Said ... (3, Interesting)

Ixokai (443555) | more than 3 years ago | (#36359216)

Seriously, "mistakenly", "trained"?

Sorry, no.

Sure, the companies deserve ire and disdain if they don't take care of our information securely. They even deserve some real civil liability -- a lot more than they're getting now.

But asshat little fuckheads who go around breaking into said company deserve ire, irregardless of any other ire given.

Cracking into networks and systems and grabbing data, damaging systems, anything of the sort-- even if they aren't properly secured-- is not noble.

It is worthy of ire, scorn, and jail time.

Now, it's not worth as much jail time as is being handed out often these days, nor silly, inflammatory words like "terrorism" being thrown around to make it all worse -- and adolescents who are frankly incapable of understanding that being an idiot even though it's a rush or fun is dangerous and has real consequences, should be treated like the kids they are, not adults.

But, no. It's not a mistake to give them all kinds of ire.

I pretty much hate Sony, for instance. But what the cracker-jackass groups are doing is pretty sociopathic.

There's no Greater Good involved, that's self-delusion at best. There could have been a way to go about it that may have been ethical, in a vigilante, internet-patriot sort of way. But these data dumps of real, personal information (including usernames and password hashes) are not at all it.

Re:Reminds Me of Something the Sony CEO Said ... (0)

Anonymous Coward | more than 3 years ago | (#36359282)

AMEN! I may be able to kick over a kid's sandcastle or take his lolly, but it doesn't mean it's completely his fault because he didn't secure it better. I shouldn't have done it in the first place.

Re:Reminds Me of Something the Sony CEO Said ... (4, Insightful)

baldass_newbie (136609) | more than 3 years ago | (#36359286)

irregardless of any other ire given

Irregardless is not a word. You may have a point, but your use of a non-word makes me wonder.

Re:Reminds Me of Something the Sony CEO Said ... (-1)

Anonymous Coward | more than 3 years ago | (#36359388)

Unless you're truly a pedant... Which makes me wonder about you. This says different. [wikipedia.org]

It is a word, though not considered fully accepted, according to my local dictionary and those online. FYI.

Re:Reminds Me of Something the Sony CEO Said ... (1)

jamesh (87723) | more than 3 years ago | (#36359478)

irregardless of any other ire given

Irregardless is not a word. You may have a point, but your use of a non-word makes me wonder.

If enough people use it and accept it as valid then it's a perfectly cromulent word, just like all the other words that weren't words 100 years ago. If you want a definition then this [wiktionary.org] might assist you broadening your vocabulary (even though the entry itself state's that it isn't generally accepted as a word :)

Re:Reminds Me of Something the Sony CEO Said ... (1)

dakameleon (1126377) | more than 3 years ago | (#36359486)

(even though the entry itself state's that...

Oh dear, is there a rule of some sort that if you're correcting someone else's grammar/spelling/(mis-)use of words, you'll get something wrong on your own post?

(*checks and double-checks before submitting*)

Re:Reminds Me of Something the Sony CEO Said ... (1)

Serious Callers Only (1022605) | more than 3 years ago | (#36359572)

It's OK, I've seen state's on the internet before - here is the justification. [slashdot.org]

Re:Reminds Me of Something the Sony CEO Said ... (1)

gmhowell (26755) | more than 3 years ago | (#36359574)

(even though the entry itself state's that...

Oh dear, is there a rule of some sort that if you're correcting someone else's grammar/spelling/(mis-)use of words, you'll get something wrong on your own post?

(*checks and double-checks before submitting*)

I think Alanis Morissette starts playing from your computer when this happens.

Followed by pedants arguing about that word.

Re:Reminds Me of Something the Sony CEO Said ... (1)

dwightk (415372) | more than 3 years ago | (#36359618)

Oxford American Dictionary says differently.

Re:Reminds Me of Something the Sony CEO Said ... (2)

DurendalMac (736637) | more than 3 years ago | (#36359026)

"Dozens" of reports doesn't mean that much. It could have easily been a phishing attack or someone getting ahold of a different online account from said user and they happened to use the same password.

Someone getting access to your account is NOT necessarily a "breach".

Re:Reminds Me of Something the Sony CEO Said ... (3, Insightful)

StikyPad (445176) | more than 3 years ago | (#36359190)

Or, quite possibly, we're starting to see the impact of the Sony hacks themselves. I'd bet money that the affected people were using the same login information on each service, especially since both services use the same "username": the player's e-mail address. If you're not using unique passwords for each of your services (and especially for the e-mail account that unifies them all), you're doing it wrong.

LOL Is hacked slang for consentual buttsecks?? (-1, Flamebait)

Anonymous Coward | more than 3 years ago | (#36358670)

You iFags probably shouldn't have taken so much Steve Jobs semen in your ass without at least making him wear a condom.

Now Steve Jobs has all of your money and you have AIDS.

Re:LOL Is hacked slang for consentual buttsecks?? (-1)

Anonymous Coward | more than 3 years ago | (#36358734)

...and you eat Ballmer's boogers.

Re:LOL Is hacked slang for consentual buttsecks?? (0)

Ethanol-fueled (1125189) | more than 3 years ago | (#36358790)

Or suck Linus' uncircumsized cock and swallow his chewy pecker snot.

Gobble gobble, dribble dribble.

Re:LOL Is hacked slang for consentual buttsecks?? (-1)

Anonymous Coward | more than 3 years ago | (#36358854)

someone forgot the 'post anonymously' button

Re:LOL Is hacked slang for consentual buttsecks?? (-1, Offtopic)

Asshat_Nazi (946431) | more than 3 years ago | (#36359086)

How is this for forgetting to click the post anonymously button.


Re:LOL Is hacked slang for consentual buttsecks?? (-1)

Anonymous Coward | more than 3 years ago | (#36359240)

Ah I see you have a tiny tiny penis. like all similar copy/pasta trolls!

Re:LOL Is hacked slang for consentual buttsecks?? (0)

Xtifr (1323) | more than 3 years ago | (#36358874)

Ha-ha, original poster was a FreeBSD fan!

Just kidding--actually, he's a Solaris fan.

Fooled ya! He actually uses The Hurd. Amiga? Plan9? Atari800?...

Re:LOL Is hacked slang for consentual buttsecks?? (0)

Ethanol-fueled (1125189) | more than 3 years ago | (#36359228)

IRIX fan, bitch.

ide fe with a monochrome dumb terminal, hamster wheel, vibrating dildo, and espresso machine, ridiculously large 35" Sony-made SGI-branded CRT monitor with 20 instances of Doom, all connected and performing flawlessly.

OOh, look at your pretty little Quadro 6000! [nvidia.com] My motherfucking Impact [sgidepot.co.uk] was fatter than yours and didn't need no pussy fans way back in '95. Dig those LSI chips, man. Same shit you'll find on military-grade cards.

lol (-1)

Anonymous Coward | more than 3 years ago | (#36358676)

iOS users are suckers, but then again, so are android users. :/

It's Blackberry or nothing.

Re:lol (-1)

Anonymous Coward | more than 3 years ago | (#36358738)

dohoho Hipster much?

Re:lol (2)

Divebus (860563) | more than 3 years ago | (#36358740)

Nobody ever hacked my cassette deck.

Oh yeah? (1)

Anonymous Coward | more than 3 years ago | (#36358862)

I am posting this comment from Divebus' cassette deck.

Re:Oh yeah? (1)

ColdWetDog (752185) | more than 3 years ago | (#36359232)

I am posting this comment from Divebus' cassette deck.

A cassette deck running a browser. Cool. Did you load BSD?

Re: iTunes hacked? (1)

Anonymous Coward | more than 3 years ago | (#36358686)

There are anecdotal reports of some European credit card companies refusing to accept iTunes charges. Related?

Too coincidental? (1)

Anonymous Coward | more than 3 years ago | (#36358708)

Coincidence, I wonder, that a new 63-page EULA (63 pages Apple, are you serious?) appeared today when I was prompted to update my NASA App. And that the changed terms specifically involved iTunes password expiry and in-app purchases?

Re:Too coincidental? (1)

Culture20 (968837) | more than 3 years ago | (#36359302)

Coincidence, I wonder, that a new 63-page EULA (63 pages Apple, are you serious?) appeared today when I was prompted to update my NASA App. And that the changed terms specifically involved iTunes password expiry and in-app purchases?

Yes, Coincidence. The new EULA items were about children buying wheelbarrows of Smurfberries.

Re:Too coincidental? (2)

sconeu (64226) | more than 3 years ago | (#36359326)

I tried to get them to email the new TOS, but my wife's iPhone kept trying to spell-check/correct my email address. Why the F*** does it do that to *EMAIL ADDRESSES*??????

Re:Too coincidental? (1)

multisync (218450) | more than 3 years ago | (#36359528)

my wife's iPhone kept trying to spell-check/correct my email address. Why the F*** does it do that to *EMAIL ADDRESSES*??????

That's so annoying. Blackberrys do the same thing.

When I activate Blackberrys on our BES, I have to compose an email message first so I can disable 'suretype' and enable 'multitap' or I can't make it halfway through the user's email address thanks to it autocorrecting. Almost as bad as it capitalizing the first letter of every sentence whether you want it to or not.

Most likely not a "hack" (3, Insightful)

adversus (1451933) | more than 3 years ago | (#36358724)

More like identity theft.

Re:Most likely not a "hack" (4, Interesting)

EastCoastSurfer (310758) | more than 3 years ago | (#36359044)

Yep. My bank recently called and canceled my CC. The trigger? The number was attempted to be used for a small ITMS purchase. The fraud department at the bank said that buying a 99c song at ITMS is a quick way to verify if they have the right info or not. In my case they used the incorrect pin digits from the back of the card and the bank denied the charge, but it must work some of the time.

Re:Most likely not a "hack" (1)

Technician (215283) | more than 3 years ago | (#36359474)

A 3 digit security code is 1 in 1,000. With a couple of possible tries to get it right for each card before locking it out, your chances are now 1 in 250. With enough compromised account numbers you can find enough valid card combinations to make large purchases at a retailer other than iTunes. Most fraud is for software IP as many merchants won't ship somewhere other than the billing address for the card.
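An added example, not part of the original comments: a sketch of the issuer-side check the two comments above describe, flagging small-value probes with a wrong security code, repeated code failures, and a small successful charge followed by a large purchase elsewhere. The thresholds, field names, merchant labels and sample events are all assumptions constructed for illustration, not any bank's actual rules.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class AuthAttempt:
    ts: datetime
    card_id: str        # tokenised card reference, never the card number
    merchant: str
    amount_cents: int
    csc_ok: bool        # did the supplied card security code match?


# Assumed thresholds; a real fraud team tunes these against its own data.
SMALL_AMOUNT_CENTS = 200       # "a 99c song" sized charge
LARGE_AMOUNT_CENTS = 20_000
MAX_CSC_FAILURES = 2           # failures tolerated inside WINDOW
WINDOW = timedelta(hours=24)


def flag_cards(attempts):
    """Return {card_id: sorted list of reasons} for cards needing review."""
    by_card = defaultdict(list)
    for a in attempts:
        by_card[a.card_id].append(a)

    flags = {}
    for card, events in by_card.items():
        events.sort(key=lambda a: a.ts)
        reasons = set()
        failures = [a for a in events if not a.csc_ok]

        # Rule 1: a tiny charge with the wrong code is a cheap validity probe.
        if any(a.amount_cents <= SMALL_AMOUNT_CENTS for a in failures):
            reasons.add("small_probe_bad_csc")

        # Rule 2: several wrong codes in one window looks like code guessing,
        # whichever merchants the attempts were spread across.
        for i, first in enumerate(failures):
            in_window = [f for f in failures[i:] if f.ts - first.ts <= WINDOW]
            if len(in_window) >= MAX_CSC_FAILURES:
                reasons.add("repeated_csc_failures")
                break

        # Rule 3: a small charge that succeeds, then a large purchase at a
        # different merchant shortly after.
        for i, probe in enumerate(events):
            if not (probe.csc_ok and probe.amount_cents <= SMALL_AMOUNT_CENTS):
                continue
            for later in events[i + 1:]:
                if (later.ts - probe.ts <= WINDOW
                        and later.merchant != probe.merchant
                        and later.amount_cents >= LARGE_AMOUNT_CENTS):
                    reasons.add("probe_then_large_spend")

        if reasons:
            flags[card] = sorted(reasons)
    return flags


# Constructed sample events (not real transaction data).
T0 = datetime(2011, 6, 7, 9, 0)
SAMPLE = [
    # card-A: the case in the comment, one 99c attempt with the wrong code
    AuthAttempt(T0, "card-A", "digital-store", 99, False),
    # card-B: two wrong codes on larger charges at different merchants
    AuthAttempt(T0, "card-B", "shop-1", 5000, False),
    AuthAttempt(T0 + timedelta(hours=3), "card-B", "shop-2", 5000, False),
    # card-C: small charge succeeds, large purchase elsewhere two hours later
    AuthAttempt(T0, "card-C", "digital-store", 99, True),
    AuthAttempt(T0 + timedelta(hours=2), "card-C", "electronics-retailer", 45000, True),
    # card-D: ordinary customer buying two songs
    AuthAttempt(T0, "card-D", "digital-store", 99, True),
    AuthAttempt(T0 + timedelta(days=2), "card-D", "digital-store", 129, True),
]

if __name__ == "__main__":
    for card, reasons in sorted(flag_cards(SAMPLE).items()):
        print(card, reasons)
```
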

Re:Most likely not a "hack" (1)

hedwards (940851) | more than 3 years ago | (#36359482)

Cancelling it is a bit extreme. My CC company has frozen my CC a few times for small purchases like that. But, cancelling it outright would be extreme.

Re:Most likely not a "hack" (4, Informative)

mikael_j (106439) | more than 3 years ago | (#36359636)

In my case they used the incorrect pin digits from the back of the card and the bank denied the charge, but it must work some of the time.

Sorry for being pedantic but the card security code (also known as CSC, CVV, CVV2, etc.) is not a PIN code.

The PIN for Mastercard or VISA cards is a code you as the user must remember, here in Europe it is used pretty much every time you use your card instead of a signature.

Billing glitch? (3)

Bieeanda (961632) | more than 3 years ago | (#36358772)

People being overcharged because the accounting software fucked up happens all the time. What would a hacker get out of making someone pay a few extra bucks to Sega, via Apple, compared to both dodging an accusation of faulty billing software that could sour people on microtransactions?

Very unlikely that iTunes was hacked... (1)

mkraft (200694) | more than 3 years ago | (#36358786)

It's highly unlikely this was a hack. If it was, reports would be in the hundreds or thousands, not "dozens". Also there would be a variety of purchases, not just for one game.

The most likely answer is a keylogger trojan, social engineering or a reused password from a true hacked site (like Sony or PBS). I find it odd that everyone who suggests that in TFA is thumbed down into oblivion as that's the most likely answer.

Also iTunes doesn't bill in real time, so those purchases that "just happened" were likely from days ago.

Re:Very unlikely that iTunes was hacked... (2)

scdeimos (632778) | more than 3 years ago | (#36358930)

Also there would be a variety of purchases, not just for one game.

It's not just for one game...

Since Betanews' original report last Wednesday, dozens of readers have e-mailed their own reports of account issues, most dealing with Sega's Kingdom Conquest.

Additionally...

Nearly every victim had a gift card balance on their account, and some have reported that their credit card and/or payment information had been removed from their account. This indicates that Apple likely is aware of the attacks, and is actively trying to protect its users.

In all cases, whether they're admitting the hack is occurring or not, users are having little trouble getting their money refunded to them.

Re:Very unlikely that iTunes was hacked... (4, Interesting)

wvmarle (1070040) | more than 3 years ago | (#36358988)

This is what bugged me about general security advice: people are recommended not to re-use passwords over a variety of web sites (sensible). However the solutions proposed are to store these passwords in a local "password vault" protected with just a single password, or for all sites to use a centralised log-in system such as Google or OpenID or whatever.

Now if really those web masters all follow suit and all switch to doing their logins using Google: is that any safer than re-using a password? If Google gets hacked, logins to all web sites are suddenly on the streets. Google's security may be better than Sony's, that's not said that it can not be breached.

Or if a keylogger finds its way on your computer, then the complete password vault can be opened in one go.

Re:Very unlikely that iTunes was hacked... (1)

mudimba (254750) | more than 3 years ago | (#36359122)

If a keylogger finds its way onto your computer, then all your passwords are essentially toast anyway.

Re:Very unlikely that iTunes was hacked... (0)

Anonymous Coward | more than 3 years ago | (#36359180)

RSA two factor authentication. It would be a very good solution but RSA is still milking the enterprise and government cows with that so it will be years before something like that becomes a commodity service. What ever came of the RSA security breach a few months back?

Re:Very unlikely that iTunes was hacked... (1)

ColdWetDog (752185) | more than 3 years ago | (#36359256)

RSA two factor authentication. It would be a very good solution but RSA is still milking the enterprise and government cows with that so it will be years before something like that becomes a commodity service. What ever came of the RSA security breach a few months back?

Badness. [boingboing.net]

Re:Very unlikely that iTunes was hacked... (1)

_Sprocket_ (42527) | more than 3 years ago | (#36359502)

Keep in mind that the story is almost entirely speculation. Something happened at Lockheed. That's all we know.

The real badness is that RSA has not been very forthcoming about the incident. This opens up the kind of speculation we're now seeing with LM, L-3, and even Northrop Grumman (though they say they jumped off SecurID shortly after the RSA compromise).

Just to muddy the waters a bit more... LM is re-issuing SecurID devices.

Re:Very unlikely that iTunes was hacked... (1)

Culture20 (968837) | more than 3 years ago | (#36359324)

What ever came of the RSA security breach a few months back?

It turned into a Lockheed-Martin security issue recently.

Re:Very unlikely that iTunes was hacked... (1)

pandello (1683250) | more than 3 years ago | (#36359824)

When you sign up at a bad site with email: abc@gmail.com password: abc. If this is the same as your Gmail password they have instant access. You essentially told them your password.

Using Single sign on like Google or OpenId prevents this.

You have to consider what is the biggest threat. Is it more likely for google to be hacked or your machine getting a key logger? I don't know.

What Really is Happening (1)

Anonymous Coward | more than 3 years ago | (#36358814)

The author is using phished/stolen iTunes accounts to buy their game so they can cash out the money.

Nothing too leet.

Don't know if related (0)

Anonymous Coward | more than 3 years ago | (#36358818)

I have seen phishing mail about "issues with your itunes purchase". Don't know if it's related. (the first FA mentions it started with an e-mail).

The person who got the mail doesn't have an itunes account, so I just assumed it was typical phishing.

ifumes @ itunes SoftICE | Yes they were hacked (0)

Anonymous Coward | more than 3 years ago | (#36358828)

No more DRM

SoftICE still works http://en.wikipedia.org/wiki/SoftICE

SEGA's own support forums? (1)

Anonymous Coward | more than 3 years ago | (#36358834)

trash, no mention of phishing or trojans (3, Interesting)

blueworm (425290) | more than 3 years ago | (#36358856)

No mention of keylogging trojans or phishing combined with ridiculous uneducated guessing makes these authors' ramblings pure trash. Apparently all the links are from Betanews, too; I'd like to see Betanews stick to talking about iThings and not security. Choice quotes interspersed with my reactions:

"Apple's iTunes user logs themselves may have been compromised."

All I can think of on this one is the time I had someone tell me that my router had "lost its ARP table".

"... several of the victims that reported into Betanews on their experience are employed in IT -- obviously understanding the risks of improperly secured personal data."

I'd hope these same IT employees someday understand the risks of improperly secured personal data by not browsing the web on their own PCs (no Windows implied).

wow (-1, Offtopic)

patrickluwi (2209956) | more than 3 years ago | (#36358882)

is that right? KVM Switch [gigantika.co.id]

Re:wow (-1)

Anonymous Coward | more than 3 years ago | (#36359062)

is that right?

KVM Switch

Eat a million dicks and die, you USELESS SPAMMING FUCK.

Gawker/Sony 67% the same, perhaps iTunes as well? (1)

Anonymous Coward | more than 3 years ago | (#36358888)

It's likely that: They had the same username/pwd combination as either their Gawker or their Sony password; remember, 67% of those two were the same. Based on that I'd wager there are at least a few iTunes credentials that are the same as well.

Re:Gawker/Sony 67% the same, perhaps iTunes as wel (1)

Divebus (860563) | more than 3 years ago | (#36358966)

I'll put 97% of my money on this. Same logins as used by the hacked Sony accounts. I'm surprised the number of compromises isn't much higher. Alright... everyone change their passwords NOW.

Who cares.... (-1)

Anonymous Coward | more than 3 years ago | (#36358890)

Everyone is hacked. Nothing new.

Hacking? Easier answers... (3, Insightful)

Jason Pollock (45537) | more than 3 years ago | (#36358934)

Considering we've seen a story about how everyone is using the same password everywhere [slashdot.org], and how Sony got hacked again [slashdot.org], exposing even more passwords, is it any surprise that a number of people are having their iTunes and PayPal accounts attacked and drained to buy game gold?

iTunes and PayPal are pretty huge targets, but who'd attack a single game if they had access to the back end?

Re:Hacking? Easier answers... (1, Redundant)

tlhIngan (30335) | more than 3 years ago | (#36359422)

Quite likely actually. It seems these reports surface every few months.

Heck, last year we've [macrumors.com] had [macrumors.com] many [slashdot.org] reports [slashdot.org] of hacked accounts being used to buy in-app purchases or raise rankings of apps.

So, the options are either a very low-level iTunes hack that only seems to steal a few hundred accounts at a time (iTunes has over 250M accounts according to today's keynote), a very big breach of iTunes that someone only seems to be using a few hundred accounts at a time, or, a bunch of people got phished or used the same password.

In fact, I've seen a number of Apple phishing emails over the past few months - usually advertising some Photoshop sale or something. They look pretty real too, but they're phishes (I get them on my non-iTunes accounts).

The general goal is to use in-app purchases of some $99 things to get easy money, and the easiest way is to phish some emails (like the fake Apple ones - honestly, Apple only sends me emails about their products, not about Photoshop... and never about SALES of said product).

Most likely, either a reused password, or a phish. Besides the Photoshop bundle offer, I saw another fake Apple phishing email, but I can't remember for what product. I think it was for an Adobe product though.

It Happened To Me: (1)

Anonymous Coward | more than 3 years ago | (#36358938)

This morning I fired up iTunes to download a couple podcasts before heading into work, and noticed that the balance I had left over from a gift card was missing. I checked out my account billing history and sure enough I had charges for Kingdom Conquest and some in-game purchases. I went ahead and called Apple support and opened a trouble ticket to dispute the charges. Hopefully this gets resolved, but this article kind of blew me away... might be just the tip of the iceberg.

Meh. (1, Redundant)

Celestialwolf (1656075) | more than 3 years ago | (#36359028)

I specifically blocked Itunes in my firewall; it doesn't get to connect to the internet at all. No problems. Amazon is better anyway.

Re:Meh. (2)

jo_ham (604554) | more than 3 years ago | (#36359100)

That's great, but how does that stop someone else with your credentials logging in from a different computer and buying something?

I'm going to assume you don't have a CC on file with Apple (if your iTunes paranoia is anything to go by) but your setup would not help anyone who does.

My suspicions are that this is due to usernames and passwords being the same across multiple services, so one big compromise (Sony), has led to ID theft on other services, like the iTunes store.

Re:Meh. (1)

steve_bryan (2671) | more than 3 years ago | (#36359814)

Yep, you have fixed the problem unless THE PERPETRATOR IS IN YOUR HOUSE!! Get out as fast as you can!

Please tell us you were joking so I can retract this harsh comment.

FBI + DIS + NSA + CIA + IRS + a billion others .. (-1)

Anonymous Coward | more than 3 years ago | (#36359040)

Will lov and fuck iCloud.

Just imagine.

All the in-house and contracted Ops at above mentioned agencies and more will be terminated.

What about, 401K, Social Security, Dental Plans ... for God's sake.

Well, ... they are all ... vapor ... now that iCloud ... is online.

iCloud ... a one - stop - shop for your "trusted" Civil Agencies to hack and render you a TERRIORIST to satisfy the re-erection of Barak Hussien Obama II .

Love Obama

-

Re:FBI + DIS + NSA + CIA + IRS + a billion others (-1)

Anonymous Coward | more than 3 years ago | (#36359252)

So that meth is working out well then?

Happened to Me, in much the same way (5, Interesting)

raabetj (1271140) | more than 3 years ago | (#36359042)

I very recently had the same situation that is described in the articles happen to my iTunes account. I received 2 emails for gift cards purchased through the iTunes store. As I was on vacation with no PC and thus no iTunes access, and not buying gift cards, I knew something was up. At first, I was thinking they were actually spam/phishing emails, as they listed the last 4 digits of a credit card that didn't match any of my credit cards. Without iTunes, all I could do was access my Apple ID account through the web on my phone, and when logged into my account, I saw that my billing information had been changed.

Luckily I had moved about 3 weeks before, and updated my billing info with my credit card, and not in iTunes (or I suspect I would have had several more app/gift card purchases on my own card.) The strange part was that they didn't change my password at all, or any security related questions. It seems all they did was change my billing info to someone else's and buy $100 worth of gift cards (Who knows what they were used for...).

I changed my iTunes Password, and contacted Apple Technical support, and all I got was a standard form letter about how I could dispute the charges on my credit card (even though I had pointed out that it *wasn't* my credit card info). They locked my account and after a short investigation they enabled it with no indication of anything other than their form letter.

I will freely admit that my password was vulnerable to a dictionary attack, as in the past, I wasn't too worried about someone buying me lots of music, but have since changed it. However, I had no indication that someone was attempting to access my account. If someone was indeed using a dictionary attack on my account, I would have hoped Apple would notice several thousand invalid logins on an account and do something about it.

I suspect there is someone named Jason in Seattle, who is wondering why they have a $100 purchase from iTunes on their MasterCard...
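As an added illustration of the monitoring raabetj hoped for, and of the reused-password scenario raised elsewhere in this thread, here is a sketch that counts login failures per account and per source over a sliding window. It is example code added here, not part of any comment and not Apple's logic; the log format, thresholds, account names and addresses are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)
MAX_FAILS_PER_ACCOUNT = 20    # assumed threshold: guessing against one account
MAX_ACCOUNTS_PER_SOURCE = 5   # assumed threshold: one source failing on many accounts

def parse(line):
    """Parse 'ISO-timestamp account source OK|FAIL' (constructed format)."""
    ts, account, src, result = line.split()
    return datetime.fromisoformat(ts), account, src, result == "OK"

def detect(lines):
    """Return (guessed accounts, spraying sources, accounts those sources got into)."""
    by_account = defaultdict(deque)  # account -> failure times inside WINDOW
    by_source = defaultdict(deque)   # source -> (time, account) failures inside WINDOW
    guessed, spraying, successes = set(), set(), []
    for ts, account, src, ok in sorted(map(parse, lines)):
        if ok:
            successes.append((src, account))
            continue
        q = by_account[account]
        q.append(ts)
        while ts - q[0] > WINDOW:
            q.popleft()
        if len(q) >= MAX_FAILS_PER_ACCOUNT:
            guessed.add(account)
        s = by_source[src]
        s.append((ts, account))
        while ts - s[0][0] > WINDOW:
            s.popleft()
        if len({a for _, a in s}) >= MAX_ACCOUNTS_PER_SOURCE:
            spraying.add(src)
    # A success from a spraying source means a listed password was valid.
    exposed = {acct for src, acct in successes if src in spraying}
    return guessed, spraying, exposed

def constructed_log():
    """Constructed sample lines; addresses come from documentation ranges."""
    t0 = datetime(2011, 6, 6, 10, 0, 0)
    stamp = lambda sec: (t0 + timedelta(seconds=sec)).isoformat()
    # Failures on one account arrive from many sources, so count per account.
    lines = [f"{stamp(5 * i)} victim 203.0.113.{i} FAIL" for i in range(25)]
    for i in range(7):  # one source, one try per account; user3's password matched
        result = "OK" if i == 3 else "FAIL"
        lines.append(f"{stamp(30 * i)} user{i} 198.51.100.7 {result}")
    lines += [f"{stamp(0)} carol 192.0.2.10 FAIL", f"{stamp(40)} carol 192.0.2.10 OK"]
    return lines

if __name__ == "__main__":
    print(detect(constructed_log()))
```

The per-account counter covers the dictionary-attack case; the per-source counter covers reused credentials, where each account sees only a single attempt and a per-account lockout never triggers.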

Data corruption? (5, Interesting)

Hachima (718971) | more than 3 years ago | (#36359094)

This may be unrelated, but yesterday I noticed that my iTunes account had become corrupted with someone else's data. My first name, last name, address and registered CC number became someone else's info. Had I not noticed, I would have been making charges against this other person's account. Maybe someone wrote one messed up database query and screwed up a massive amount of people's payment association. Some users are starting to notice they have someone else's info and are going on a buying spree. Or people are just making their normal purchases and are unknowingly charging other people's accounts, like I almost did last night.

Re:Data corruption? (2)

CosmeticLobotamy (155360) | more than 3 years ago | (#36359432)

Obviously I have no idea what happened in your case, but it gave me an interesting thought. If you have thousands of stolen credit cards (or even just one) but are afraid of getting caught using them, making thousands of other people unknowingly use stolen credit cards by changing their stored data would make for some fantastic plausible deniability.

Re:Data corruption? (1)

Hachima (718971) | more than 3 years ago | (#36359510)

Yeah, and that was my initial concern too once I saw this other person's information on my account. I checked my iTunes purchase history though, and there haven't been any purchases made other than my own.

Re:Data corruption? (1)

Eric(b0mb)Dennis (629047) | more than 3 years ago | (#36359816)

This is actually a well known tactic in carding circles.

After you've used and abused the 'virgin' cards, it's standard fare to spam them in IRC so they are used so much so quickly by so many that you are a needle in the haystack.

Re:Data corruption? (1)

OverlordQ (264228) | more than 3 years ago | (#36359588)

Some users are starting to notice they have someone else's info and are going on a buying spree. Or people are just making their normal purchases and are unknowingly charging other people's accounts, like I almost did last night.

Or somebody hacked your account and changed the billing info.

Watching this closely. (0)

w0mprat (1317953) | more than 3 years ago | (#36359310)

I cringed when I discovered for myself iTunes forces you to enter and keep your credit card details, just to be able to get access to the app store to just download free stuff even.

I'm watching how this develops, I purchased my wife an iPod touch (both regretting it slightly), because if this turns out to be another widespread hack like the others recently it'd be the last time I ever buy an Apple product.

Re:Watching this closely. (2, Insightful)

PRMan (959735) | more than 3 years ago | (#36359462)

because if this turns out to be another widespread hack like the others recently it'd be the last time I ever buy an Apple product.

What, Steve Jobs controlling every aspect of your life wasn't enough?

Re:Watching this closely. (1)

yarnosh (2055818) | more than 3 years ago | (#36359764)

Riiiight... Steve is so controlling my life /rollseyes

Re:Watching this closely. (4, Funny)

amicusNYCL (1538833) | more than 3 years ago | (#36359530)

I'm watching how this develops, I purchased my wife

Was she more than $.99?
Would you buy another?
Have you seen any fraudulent wife purchases on your bill?

Re:Watching this closely. (2)

Serious Callers Only (1022605) | more than 3 years ago | (#36359660)

It doesn't any more. Log in to your iTunes account and choose None as payment method, and no details will be kept on file. If you don't purchase regularly then it'll be no inconvenience to re-enter them.

Re:Watching this closely. (1)

mikael_j (106439) | more than 3 years ago | (#36359674)

I cringed when I discovered for myself iTunes forces you to enter and keep your credit card details, just to be able to get access to the app store to just download free stuff even.

No it doesn't. Sit closer to the monitor next time. I sure managed to set up an account without a credit card attached.

And even if you can't figure out how to not enter a CC# you aren't so dumb as to enter the number from a physical credit card, right? I hope you're at least using a time- and purchase-size-limited CC# that you generated through your bank's website...

Re:Watching this closely. (2)

jo_ham (604554) | more than 3 years ago | (#36359696)

It doesn't - you can open and run an iTunes account without ever using a credit card, only topping it up with iTunes gift cards. No CC ever needs to go near the account.

Re:Watching this closely. (0)

Anonymous Coward | more than 3 years ago | (#36359720)

I cringed when I discovered for myself iTunes forces you to enter and keep your credit card details, just to be able to get access to the app store to just download free stuff even.

This isn't actually true, although Apple does go out of its way to make it seem like it is.

Disturbing. (3, Insightful)

w0mprat (1317953) | more than 3 years ago | (#36359456)

From reading up on the user reports of this. It seems this has been happening in this pattern since mid to late May. Apple has inexplicably not said a damn thing (yet), but has been removing credit card details from accounts, and locking some others out. Which indicates they are aware of this issue and dealing with it. Interestingly users report they are having no problems having their balances refunded. The silence is conspicuous, no? I guess this issue getting slashdotted means Apple is going to say something.

What worries me is they appear to have known about it for a while and are trying to clean it up as quietly as possible. If this was a glitch one presumes they would admit it in a downplayed fashion. I'd wager it is a BIG hack.

Leaving us with two possibilities:
1) iTunes has been seriously fckued over for teh lulz and profit and is trying to keep it quiet.

2) Or iTunes fraud may have been a constant (but contained) background noise for some while and this isn't much of an aberration. Apple may prefer to live with some level of fraud and patch up the leaks quietly. Just because it's trending on /. != an actual real issue.

Either way, talk about reality distortion.

Re:Disturbing. (2)

Serious Callers Only (1022605) | more than 3 years ago | (#36359664)

You missed out:

3) Most iTunes passwords are insecure, and are also used for other accounts like Sony

Though your option no.2 is a good description of Apple's reaction to the problem. They should probably offer another level of protection like a certificate per device for login.

Credit cards on file (0)

Malc (1751) | more than 3 years ago | (#36359714)

It mystifies me why we're required to keep a credit card on file for using iTunes. Sure, it makes it easier to buy stuff, but I'd rather they didn't store it. I don't buy many apps any way, and certainly don't need a CC for free purchases. Bad move Apple.

Re:Credit cards on file (1)

Anonymous Coward | more than 3 years ago | (#36359740)

I prefer to be mystified by things that are actually real. Create an iTunes App Store account without a credit card [apple.com]

iCloud to (1, Insightful)

virb67 (1771270) | more than 3 years ago | (#36359476)

iCloud to iFuckedUp in 3, 2, 1...

weird (1)

Anonymous Coward | more than 3 years ago | (#36359520)

My internet on my Mac keeps fucking up lately, it's fine on Windows and Android so it's definitely something wrong with the Mac. This better not be a fucking security fuckup since I do my banking and investing on this shit since it's supposedly more secure....

Re:weird (0)

Anonymous Coward | more than 3 years ago | (#36359750)

That's what you get for trusting a CORPORATION to care about your security. Apple exists to make money for Apple, not to make pretty things that protect you.
