SageTV Community  

Go Back   SageTV Community > General Discussion > The SageTV Community
Forum Rules FAQs Community Downloads Today's Posts Search

Notices

The SageTV Community Here's the place to discuss what's worth recording, HTPC deals at retail stores, events happening outside of your home theater, and pretty much anything else you'd like. (No For-Sale posts)

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 06-12-2010, 01:09 AM
peternm22 peternm22 is offline
Sage Expert
 
Join Date: Jan 2005
Posts: 709
Itunes Account Hacked?!

I was checking my credit card statement online today (I recently purchased the SageTV 7 upgrade, and wanted to see what the total was with the Canadian exchange rate), and noticed a charge from Apple....

I go through my e-mail and notice one from Apple a few days ago thanking me for my iTunes purchase, but I didn't purchase anything. I originally didn't bother opening the e-mail since I had just installed an upgrade for AirVideo on my iPod and figured it was just confirming that.... Total was about $20, and it has been charged to my credit card. One of the apps purchased was some bluetooth thing, but my iPod Touch (1st generation) doesn't even have bluetooth!

Has this happened to anybody else?

I changed my iTunes password, and deleted my credit card info. E-mailed Apple asking them to fix it, and I phoned my credit card company but they are closed right now. I'll contest the charge when I get a hold of them, and have them cancel the card.

Any idea how they could have gotten into my account? I Googled and noticed quite a lot of other people with this problem.

This is the first time I've even had any type of online fraud directed at me. Feeling quite frustrated right now
Reply With Quote
  #2  
Old 06-12-2010, 02:52 AM
Lucas Lucas is offline
Sage Icon
 
Join Date: Aug 2004
Location: Greece
Posts: 1,156
No need to get upset over this.

Happens quite frequently.
Your card info could have been stolen by fraudsters/hackers from any number of places were you used it including ATMs. Fraudsters have also broken into cc processor servers and got whole databases of the stuff.

Just make sure you dispute the particular transaction and you will be credited the money since you did not initiate the payment and there is no proof that you received the product purchased.

Your company/Bank is obligated to do that. The cost will be borne by either the merchant, or one of the 2 Banks in the middle depending on whether your card is chip or not.
__________________
Windows 10 64bit - Server: C2D, 6Gb RAM, 1xSamsung 840 Pro 128Gb, Seagate Archive HD 8TB - 2 x WD Green 1TB HDs for Recordings, PVR-USB2,Cinergy 2400i DVB-T, 2xTT DVB-S2 tuners, FireDTV S2
3 x HD300s
Reply With Quote
  #3  
Old 06-12-2010, 05:23 AM
david1234 david1234 is offline
Sage Aficionado
 
Join Date: Nov 2007
Location: Beaverton, OR
Posts: 313
The one time we had a problem the CC company told us to contact the merchant first, but they made it clear that if the store wouldn't fix it, they most definitely would. Of course the store wouldn't even talk to us about it, since we couldn't provide the right customer information, and they wouldn't remove the charge because the bank "authorized it". So, the CC company removed the charge for them.

The CC companies are really "all powerful" when it comes to this stuff, and they don't like to risk customers over small dollar amounts like this. There is enough competition for customers that the CC companies take care of this stuff.
Reply With Quote
  #4  
Old 06-12-2010, 07:36 AM
CyRex CyRex is offline
Sage Aficionado
 
Join Date: Nov 2004
Location: Middletown, CT
Posts: 297
Consider yourself lucky... This happened to me a few months ago, but it my case it was a debit CC that withdrew directly from my checking account. It took me a couple weeks to notice, but in that short time, they managed to spend over $2400.

Apple was no help. They wouldn't tell me anything without being ordered to by a court. Luckily my bank was understanding and I was able to get the money back after putting my John Hancock on about 60 forms (one for each fraudulent charge).

I'm still not convinced that the person was actually using my card to purchase music off iTunes. I think that was a front, and they were really just sucking cash out of my account. I mean come on, who steals a CC only to buy $2400 worth of music???

-Dan
Reply With Quote
  #5  
Old 06-12-2010, 07:50 AM
matt91's Avatar
matt91 matt91 is offline
Sage Icon
 
Join Date: Feb 2005
Location: Washington, DC
Posts: 1,185
AMEX called me at 7am a few weeks ago to ask if I made a $1 charge at the itunes store. I said no, and they said that my card was probably compromised and that the itunes purchase was just a 'probe'. They cancelled the card and fedex'd me a new one.

I think it was related to the monoprice.com server compromise which had just happened.
__________________
Server: Ubuntu 16.04 running Sage for Linux v9
Reply With Quote
  #6  
Old 06-12-2010, 07:54 AM
Fuzzy's Avatar
Fuzzy Fuzzy is offline
SageTVaholic
 
Join Date: Sep 2005
Location: Jurupa Valley, CA
Posts: 9,957
Quote:
Originally Posted by CyRex View Post
I mean come on, who steals a CC only to buy $2400 worth of music???

-Dan
Considering CC theft has a practically zero change of getting caught (especially for things that aren't shipped to a real address), it doesn't sounds THAT unlikly.

I mean, I had a wallet stolen once, and the only charge that was made was about $40 worth of gas at the station around the corner. That's it.

Though in the OP's situation, it looks like they didn't steal CC info at all, but in stead just got his iTunes password, which had stored billing information. His CC numbers are probably safe, as the numbers are masked when viewed on the account. This is more an issue of password security than anything else.
__________________
Buy Fuzzy a beer! (Fuzzy likes beer)

unRAID Server: i7-6700, 32GB RAM, Dual 128GB SSD cache and 13TB pool, with SageTVv9, openDCT, Logitech Media Server and Plex Media Server each in Dockers.
Sources: HRHR Prime with Charter CableCard. HDHR-US for OTA.
Primary Client: HD-300 through XBoxOne in Living Room, Samsung HLT-6189S
Other Clients: Mi Box in Master Bedroom, HD-200 in kids room
Reply With Quote
  #7  
Old 06-12-2010, 08:53 AM
peternm22 peternm22 is offline
Sage Expert
 
Join Date: Jan 2005
Posts: 709
Quote:
Originally Posted by Fuzzy View Post
Though in the OP's situation, it looks like they didn't steal CC info at all, but in stead just got his iTunes password, which had stored billing information. His CC numbers are probably safe, as the numbers are masked when viewed on the account. This is more an issue of password security than anything else.
I believe that is correct. I received an e-mail receipt from iTunes, and that wouldn't happen if they had just stolen my credit card number. Also, iTunes is the only thing that has been put through so far on the credit card, so it doesn't appear they actually have my card number.

I just don't know how it was stolen. Downloading the upgrade for AirVideo on my iPod Touch is the first thing I've done on iTunes in months (honestly, I can't remember the last time I logged into iTunes). I downloaded it on my iPod Touch via my WPA protected wireless network, so I don't think it was compromised that way.... time to try calling the bank again.

Thanks everyone.
Reply With Quote
  #8  
Old 06-12-2010, 09:24 AM
sic0048 sic0048 is offline
Sage Icon
 
Join Date: Nov 2007
Posts: 1,400
Quote:
Originally Posted by matt91 View Post
AMEX called me at 7am a few weeks ago to ask if I made a $1 charge at the itunes store. I said no, and they said that my card was probably compromised and that the itunes purchase was just a 'probe'. They cancelled the card and fedex'd me a new one.

I think it was related to the monoprice.com server compromise which had just happened.
Exact same thing happened to me during that period of time. Except I had not made a recent purchase from Monoprice, but I have in the past, so they certainly had my information.

iTunes seems to be a popular fraud purchase. I guess it is easy to sell the stolen credits.
__________________
i7-6700 server with about 10tb of space currently
SageTV v9 (64bit)
Ceton InfiniTV ETH 6 cable card tuner (Spectrum cable)
OpenDCT
HD-300 HD Extenders (hooked to my whole-house A/V system for synched playback on multiple TVs - great during a Superbowl party)
Amazon Firestick 4k and Nvidia Shield using the MiniClient
Using CQC to control it all
Reply With Quote
  #9  
Old 06-12-2010, 12:26 PM
peternm22 peternm22 is offline
Sage Expert
 
Join Date: Jan 2005
Posts: 709
Just got off the phone with the bank. They say they can't do anything, I have do deal with Apple directly.

From what I've read online, Apple is VERY unhelpful with these sorts of things. I e-mailed them yesterday and haven't heard back from them yet (they say 24 hours). I'm not expecting much from them except a standard form letter saying I'm S.O.L.

Canceled my credit card just to be on the safe side.

Ugh....
Reply With Quote
  #10  
Old 06-12-2010, 01:45 PM
Fuzzy's Avatar
Fuzzy Fuzzy is offline
SageTVaholic
 
Join Date: Sep 2005
Location: Jurupa Valley, CA
Posts: 9,957
Quote:
Originally Posted by peternm22 View Post
Canceled my credit card...
If only more Americans would do that on general principal.. :-)
__________________
Buy Fuzzy a beer! (Fuzzy likes beer)

unRAID Server: i7-6700, 32GB RAM, Dual 128GB SSD cache and 13TB pool, with SageTVv9, openDCT, Logitech Media Server and Plex Media Server each in Dockers.
Sources: HRHR Prime with Charter CableCard. HDHR-US for OTA.
Primary Client: HD-300 through XBoxOne in Living Room, Samsung HLT-6189S
Other Clients: Mi Box in Master Bedroom, HD-200 in kids room
Reply With Quote
  #11  
Old 06-12-2010, 01:59 PM
peternm22 peternm22 is offline
Sage Expert
 
Join Date: Jan 2005
Posts: 709
Quote:
Originally Posted by Fuzzy View Post
If only more Americans would do that on general principal.. :-)
I never carry a balance on the credit card. It's exclusively used for online purchases, since there is no other way to pay for things online (apart from Paypal, which seems even worse). I wish there was another (safe) way to buy things online, but there isn't.
Reply With Quote
  #12  
Old 06-12-2010, 02:57 PM
Lucas Lucas is offline
Sage Icon
 
Join Date: Aug 2004
Location: Greece
Posts: 1,156
Quote:
Originally Posted by peternm22 View Post
Just got off the phone with the bank. They say they can't do anything, I have do deal with Apple directly.

From what I've read online, Apple is VERY unhelpful with these sorts of things. I e-mailed them yesterday and haven't heard back from them yet (they say 24 hours). I'm not expecting much from them except a standard form letter saying I'm S.O.L.

Canceled my credit card just to be on the safe side.

Ugh....
What reasons did the Bank give for not helping. If you say you want to dispute a transaction then there's a certain process they have to follow.
They will request the trace evidence from the Bank with which the merchant (Apple) connects to for clearing payments.

Now that I read your OP more carefully it seems that someone got hold of your credentials. Most likely case is a trojan. Your e-Banking userid, password and certificate could also be at risk.
Many of the main stream AV software don't capture the recent key loggers.

I would try a few different AVs and malicious software scanners just to be safe. (bit diffender, spybot etc)
__________________
Windows 10 64bit - Server: C2D, 6Gb RAM, 1xSamsung 840 Pro 128Gb, Seagate Archive HD 8TB - 2 x WD Green 1TB HDs for Recordings, PVR-USB2,Cinergy 2400i DVB-T, 2xTT DVB-S2 tuners, FireDTV S2
3 x HD300s
Reply With Quote
  #13  
Old 06-12-2010, 03:23 PM
peternm22 peternm22 is offline
Sage Expert
 
Join Date: Jan 2005
Posts: 709
They said that since it was my iTunes account that was compromised, and not my credit card number it wasn't their responsibility and that I should contact iTunes.

If it was a keylogger, my iTunes login details seem like one of the least interesting things to steal. As I said before, I haven't logged into iTunes on my computer for months. I have used my credit card number for several purchases in that time, so I would think that would be the first thing compromised.

I just setup a new computer a few days ago (not because of the fraud, I was planning on doing it anyways), so the old computer which would have been "compromised" is no longer in use. I ran MBAM just a few weeks ago on that computer, and nothing came up. I'm pretty strict about blocking things on my system before they can become a problem (auto updating blacklist of sites in HOSTS file, No Script on Firefox, Windows patches as soon as they come out).

Honestly, I don't think my computer was compromised by any type of keylogger. I've read some message boards and blogs, and I'm finding literally hundreds of people saying this has happened to them with iTunes. Is it possible someone could have bruteforced my password or my password reminder question?
Reply With Quote
  #14  
Old 06-12-2010, 03:27 PM
jpwegas jpwegas is offline
Sage Expert
 
Join Date: May 2007
Posts: 502
Quote:
Originally Posted by peternm22 View Post
I changed my iTunes password, and deleted my credit card info. E-mailed Apple asking them to fix it, and I phoned my credit card company but they are closed right now. I'll contest the charge when I get a hold of them, and have them cancel the card.
I've never heard of a credit card company that doesn't have a 24 hour fraud line.

--John
Reply With Quote
  #15  
Old 06-12-2010, 03:35 PM
peternm22 peternm22 is offline
Sage Expert
 
Join Date: Jan 2005
Posts: 709
Quote:
Originally Posted by jpwegas View Post
I've never heard of a credit card company that doesn't have a 24 hour fraud line.

--John
Thought it was bizarre too, especially since the card is from a major bank in Canada. There were two options on the prompt, one to report a stolen card, and one to contest a charge. I went for the contest a charge option, and it said to call back during business hours. I'm guessing the stolen card option would be open 24/7, but since the card wasn't actually stolen/compromised....
Reply With Quote
  #16  
Old 06-12-2010, 03:37 PM
jpwegas jpwegas is offline
Sage Expert
 
Join Date: May 2007
Posts: 502
Quote:
Originally Posted by peternm22 View Post
They said that since it was my iTunes account that was compromised, and not my credit card number it wasn't their responsibility and that I should contact iTunes.
I'm not sure that matters. The laws in the US cover unauthorized use. Your card was used by an unauthorized person. Period. If someone breaks into your house and writes down your card number and uses it, does your bank tell you to take it up with the lock manufacturer?

Dispute it and let Apple prove it that it was a legitimate charge.

--John
Reply With Quote
  #17  
Old 06-12-2010, 03:39 PM
jpwegas jpwegas is offline
Sage Expert
 
Join Date: May 2007
Posts: 502
Quote:
Originally Posted by jpwegas View Post
The laws in the US cover unauthorized use. Your card was used by an unauthorized person. Period. If someone breaks into your house and writes down your card number and uses it, does your bank tell you to take it up with the lock manufacturer?
Just saw your reply that the card was from a Canadian bank. I'm not sure what the requirements are for unauthorized credit card use in that case.

--John
Reply With Quote
  #18  
Old 06-12-2010, 03:41 PM
peternm22 peternm22 is offline
Sage Expert
 
Join Date: Jan 2005
Posts: 709
I read a story of another person in Canada with the same bank I have, and they couldn't get their money back.

One thing that seems a bit odd is that they only went for $20 worth of charges. I didn't discover the charge for a few days, so they had more than enough time to buy more things.
Reply With Quote
  #19  
Old 06-12-2010, 04:07 PM
GKusnick's Avatar
GKusnick GKusnick is offline
SageTVaholic
 
Join Date: Dec 2005
Posts: 5,083
Quote:
Originally Posted by jpwegas View Post
I'm not sure that matters. The laws in the US cover unauthorized use. Your card was used by an unauthorized person. Period. If someone breaks into your house and writes down your card number and uses it, does your bank tell you to take it up with the lock manufacturer?
A better analogy might be a fast-pass transponder in your car that debits your account automatically every time you drive through a tollbooth. If somebody steals your car and goes joyriding on toll roads, are you liable for those toll charges? I'm guessing the bank will say you are, since you did after all authorize the use of the account for settling those charges. It was the use of the car that was unauthorized, and that's not their problem, since the car thief never had your credit card info in order to make any direct fraudulent use of it.

I'm not a lawyer (or a banker) but it seems to me the same reasoning can be applied to the iTunes hack. The hacker never had your credit card info, or used it fraudulently; they just went joyriding on your iTunes account, which you had already authorized to use your credit card for all charges arising from that account.
__________________
-- Greg
Reply With Quote
  #20  
Old 06-12-2010, 04:21 PM
peternm22 peternm22 is offline
Sage Expert
 
Join Date: Jan 2005
Posts: 709
I can see the banks point of view in this. From the stories I've read online, I can see some people have had their bank refund the money (others have not been so lucky). I was just hoping they would be able to do something, since I hold out little hope for Apple doing anything. I'm betting that they tell me I need to dispute it with the bank.

The more reading I'm doing about this leads me to believe they bruteforced the password somehow.
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Itunes support MTisza SageTV Software 6 04-07-2009 08:13 PM
Sage-community.org has been hacked? srothwell SageTV Customizations 7 06-14-2008 11:41 AM
webserver and itunes sageAfficianado SageTV Customizations 0 11-02-2007 09:55 PM
getting hacked off! ukmgranger SageTV Beta Test Software 21 08-17-2005 06:19 PM


All times are GMT -6. The time now is 07:08 PM.


Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2023, vBulletin Solutions Inc.
Copyright 2003-2005 SageTV, LLC. All rights reserved.