Forgot your password?
typodupeerror
Security Apple

Massachusetts Attorney General, Victim of iTunes Fraud 100

Posted by samzenpus
from the poking-the-bear dept.
chicksdaddy writes "Massachusetts Attorney General Martha Coakley said on Tuesday that her office would be inquiring into long-standing complaints about fraudulent purchases that leverage Apple's popular online music store. Coakley was herself a victim of identity theft in recent months, telling the audience that her stolen credit card information was used to make fraudulent iTunes purchases. When asked (by a Threatpost reporter) about whether such fraud constitutes a reportable event under the Bay State's strict data breach notification law, 201 CMR 17, Coakley said that her office would be looking into that question and demanding answers from Cupertino, which has steadfastly refused to respond to media requests regarding user reports about fraudulent iTunes purchases, and which has not reported the breaches to Massachusetts regulators."
This discussion has been archived. No new comments can be posted.

Massachusetts Attorney General, Victim of iTunes Fraud

Comments Filter:
  • Obviously (Score:4, Insightful)

    by Anonymous Coward on Wednesday September 21, 2011 @05:10PM (#37472854)
    Only now that she was affected does she look into it. It didn't matter that everyone else was.
    • by kimvette (919543)

      Don't forget: Coakley maintains "Technically it's not illegal to be illegal in Massachusetts"

      She needs to be removed from office ASAP.

      • by geekoid (135745)

        oh please, an out of context statment? do you ahve any links to the actual discussion? becasue everything in goolg links to the quote with no context.

        Assuming the IMPLIED context is correct*, then she made a correct statement regards MA law.

        So in any case, you've been duped by a group of people who routinely take things out of context,, and then put them in the most controversial light.

        *always a risky assumption

    • Well, she has to make certain she wasn't holding the card wrong.

    • by OakDragon (885217)
      Also, someone is using her identity to run for U.S. Senate.
    • by msauve (701917)
      She has to look into it because iPods are scary. They have batteries and wires [wired.com] in them!
  • by SleazyRidr (1563649) on Wednesday September 21, 2011 @05:11PM (#37472868)

    Attack the Attornies General so they realise how the real world works and kick up enough stink to get the laws we need.

    • . . .she will use her uncommon influence to resolve her own problem and thus conclude that the legal system works "as-is".

    • same old same old.

      laws that apply to regular people don't matter to those who have influence.

      but once one of 'our' laws hits them, oh boy, fire and fury follows!

      what a farce our 'justice' system is...

    • This has to be done very delicately. Pick the wrong fight, or from the wrong angle, and we all end up with mandatory keyloggers built into every OS.
      It is as much a psychological puzzle as a moral fight.

  • She should post the password she used so we can tell if it was likely to be a brute force type attack.
  • by PeanutButterBreath (1224570) on Wednesday September 21, 2011 @05:21PM (#37472950)

    Some day she is going to find herself wishing that she just admitted to her IT guy that she likes the Jonas Brothers and downloaded those tracks herself rather than letting this fraud story spiral out of control.

  • Im confused (Score:5, Insightful)

    by Altus (1034) on Wednesday September 21, 2011 @05:26PM (#37473032) Homepage

    I could see, if her identity was stolen from the records that apple has, how the new laws would apply to Apple. But her identity was stolen from elsewhere and then her credit card used to purchase stuff from Apple. I can't really see how Apple has anything to do with it. Would you go after Shell if someone used a stolen card to buy some gas?

    Sure, dell stopped the purchase of a multi hundred dollar computer, but should Apple have to check ever 99 cent transaction? I don't even have to sign receipts most places if the total is under 20 bucks. If she canceled the card, isn't that her banks fault?

    The data breach laws seem like a good thing, its important that Apple and others protect information about their customers against theft, but her identity was stolen during a ski trip to New Hampshire. That doesn't seem like it has anything to do at all with Apple or iTunes.

    • You are not confused. The AG is. You are actually right that this fraud doesn't involve apple at all. But that won't matter.

    • Re:Im confused (Score:5, Insightful)

      by oboylet (660310) on Wednesday September 21, 2011 @05:45PM (#37473240)
      This happened to me as well. A series of mysterious iTunes charges popped up all over my CC statement, totaling hundreds of dollars. The charges all show up as "1800-APPLE-XYZ" or some such. Call up that number, and there's a recording that refers you to itunes.com/cc (or whatever). On that site, it refers you to the useless 1800 number. When I contacted my credit card's fraud hotline they said they had been having all sorts of problems with fraudulent charges at iTunes. Mysterious charges, and they (Chase) could get no answers from Apple. Since Apple wouldn't reverse the charges, I had to file a fraud claim, and get a new card. A big hassle for me. By the way, this was in the Spring of 2010. IANAL, but if there is a history of fraudulent activity and the vendor has ignored it, then yes, I'd say they have some responsibility "to check every 99 cent transaction."
      • by whoever57 (658626)

        This happened to me as well. A series of mysterious iTunes charges popped up all over my CC statement, totaling hundreds of dollars.

        You think that's a large fraudulent charge? Last month, my credit card got hit for not one, but 3 charges of $1030 each, plus the credit card's foreign exchange fees. Over $3200 in total. All three charges came from a caribbean airline.

        • That happened to me after I got back from a vacation and I suddenly understood why the guy who swiped my card at the gas station "had" to use a new reader.

          Funnily enough, the credit card statement not only had plane tickets on there, but also the names of the people for whom they had been issued. I did a quick search for the names in the same state as the departing airport and found their address.

          If I were more of an Internet tough guy I would have called them and told them that I knew where they lived and

      • Same with me, except that they did reverse the charges when I emailed them. They even found one that hadn't posted yet and reversed that. I have no complaints about how they handled it - they sent me a lengthy email with a ton of details - the accounts using my card, the email addresses used (a few; variations of my name @ovi.com), all of which I passed on to my bank.

        They were fast - after spending $160 at iTunes, they spent $380 at FedEx in 12 charges of about $30. I checked my statement the next day by lu

    • by geekoid (135745)

      Apple is supposed to report fraud complaints. They refuse to do so.

      • by Altus (1034)

        that may or may not be true, but it has absolutely nothing to do with the story of what happened to her particular credit card, which is what the article is about.

  • Apple maintain the position that it is end users that are being compromised, and not their servers - so why should they need to report anything if there is no evidence to the contrary?

  • Breach by Apple??? (Score:4, Insightful)

    by superdave80 (1226592) on Wednesday September 21, 2011 @05:27PM (#37473046)

    ...her stolen credit card information was used to make fraudulent iTunes purchases. When asked (by Threatpost) about whether such fraud constitutes a reportable event under the Bay State's strict data breach notification law, Coakley said that her office would be looking into that question and demanding answers from Cupertino,...

    Huh? How is this a 'breach' by Apple? Her credit card was stolen by somebody, and then used to buy something from iTunes. Apple wasn't hacked into; they processed what looked to be a valid credit card transaction.

  • The problem for apple is that because it has become such a popular provider of these services, at some point some powerful people get the same problems as everyone else, and then it's a problem. But no matter how politically incorrect that may be, it's is plain stupid of Apple to be totally ignorant on Murphy's law. That lawyer might just know how to peel an Apple... And if he doesn't then someone else might. So let's all wait for the inevitable. I think this whole Itunes problem is clearly something Apple
  • by geekoid (135745) <dadinportland @ y a hoo.com> on Wednesday September 21, 2011 @05:50PM (#37473290) Homepage Journal

    and apologists are out early.

    "Informed of the well documented pattern of fraud through iTunes, in which stolen credit cards or bogus iTunes gift cards are matched with compromised iTunes accounts and used to purchase merchandise, Coakley said she wasn't aware of the larger pattern, but that it could be a reportable offense under the State's data privacy law. She promised her office would be contacting Apple for more information that very afternoon - a statement that received hearty applause from the audience."

    Apple is being compromised, Apple hasn't reported as required.

    Apple seems to be in the wrong here in that the have violated MA privacy laws.

    • by tlhIngan (30335)

      Apple is being compromised, Apple hasn't reported as required.

      [citation needed]

      Apple being compromised would be a big deal, as it would basically reveal probably 200+M accounts and credit card details. That's a huge breach, probably the largest to date, outdoing Sony.

      Problem is, is it true? Or is it because almost everyone has an account with Apple that there will always be some group compromised?

      And there are people who find iTunes charges without ever using iTunes Store or buying a single thing at Apple.

    • And the Apple haters can't bother to read the article or even the summary. The AG card's was stolen. Would it be any different if her stolen card was used to buy Amazon MP3s? What you are interjecting are rumors that there might be an iTunes breach; however, there isn't any evidence that it is a breach. Judged by the relatively small numbers, it may be a case of easily guessed passwords or compromised username/password info when people use the same ones for multiple sites.
    • by guruevi (827432)

      People use way too simple passwords too. I was recently informed that one of my passwords was too simple (although it's 8 characters long and I thought pretty unique).

      They had took their own password database to analyze it (the passwords were encrypted) as well as a multi-lingual dictionary and fed it into a GPU system. In a few seconds they had cracked all the standard dictionary words for about 300,000 passwords. They then went through all the combinations and variations (1337 speak etc.) of their diction

  • The issue really isn't about Apple (from what I can tell) Really the issue is how bad this law is.

    From TFA:

    "the unauthorized acquisition or unauthorized use of unencrypted data or, encrypted electronic data" that creates a "substantial risk of identity theft or fraud against a resident of the commonwealth"

    So it sounds like, if someone steals a credit card. Then uses it to purchase an item from a store. The store is supposed to report this "unauthorized use." How is the store supposed to know the transaction is not authorized?

    Seems like a pretty dumb law to me.

  • Why would anyone steal credit card details, and then use them to buy mp3s? It boggles the mind, given that mp3s are so much easier to steal and harder to trace. It would lead me to a conspiracy theory if it weren't for the fact that I really don't care enough about the issue to waste my time thinking one up.
    • by tlhIngan (30335)

      Why would anyone steal credit card details, and then use them to buy mp3s? It boggles the mind, given that mp3s are so much easier to steal and harder to trace. It would lead me to a conspiracy theory if it weren't for the fact that I really don't care enough about the issue to waste my time thinking one up.

      Easy, to test credit cards.

      Say you've just broken into a CC processor and gotten a list of names, addresses, CC numbers and CVV codes. You need to find out if those numbers are working, and the easiest w

  • This story lets me in on some idea...It would be cool if a big official judge or senator were to have some illegal copyright music on their machine and get nabbed by the RIAA, and wanting to make an example of them just like they did that grandmother, and let that judge or senator be the victim of the RIAA's witch hunt, and bring about change to their practices....the latest I saw was a guy being charged 600k for songs....until it happens to an official, they do what they want...guaranteed that a judge or s

  • In other news, a stolen credit card was used to buy a new car today. The car dealer is under investigation for allowing it to happen...

news: gotcha

Working...