Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?

Mystery of Vanishing iTunes Credit Shows No Sign of Fading 195

E IS mC(Square) writes "Back on November 28, 2010, somebody started a thread on Apple's support forums about someone spending more than $50 of his iTunes Store credit on iPhone apps. That discussion thread has since swelled to more than 45 pages, with nearly 700 posts. 'Someone — or some group of someones — seems to be able to spend iTunes gift card credit without permission, buying apps that users don't want. And whoever's doing the hacking seems pretty good at it: Hundreds of users have seen their iTunes credit stolen, and the hack shows no signs of slowing, ten months after it was first reported.' Apple has refunded certain accounts, but not in all cases. Apple suggests that the hack stems from weak, easily guessable passwords, and/or phishing attacks where customers are fooled into entering their passwords into hackers' forms."
This discussion has been archived. No new comments can be posted.

Mystery of Vanishing iTunes Credit Shows No Sign of Fading

Comments Filter:
  • Re:Weak passwords?! (Score:5, Informative)

    by Anonymous Coward on Saturday September 10, 2011 @01:08PM (#37362980)

    There are already restrictions like that in place. From my iPhone when I go to edit my password on my account:

    Passwords must be at least 8 characters, including a number, an uppercase letter, and a lowercase letter. Don't use spaces, the same character 3 times in a row, your apple ID, or a password you've used in the last year.

    The only thing missing from that is a punctuation mark, but as you can see, they already have quite a few requirements on what you need to have for a password.

  • by YesIAmAScript ( 886271 ) on Saturday September 10, 2011 @01:19PM (#37363050)

    First, iTunes cards have the number hidden on the cards in the store, you have to scratch off a coating.

    Second, with an iTunes card, you transfer the card balance into your account all at once, after that the card is completely useless. So if you can complete the transfer, the card was valid and not compromised and after you transfer the card, it doesn't matter if it was compromised, because the value is gone from the card and is in your account now. You cannot use the card to spend the value on apps, you have to have access to the account you transferred the credit into.

    What people are complaining about here is that they have a credit on their account (perhaps from one of these cards) and it is being spent out of their account. This can't be done with any kind of compromise of the gift cards themselves.

    These people's accounts have been compromised. It's unclear how that happened.

Evolution is a million line computer program falling into place by accident.