iTunes hack faces swelling complaints, casting shadow on iCloud

Numerous users have reported their iTunes accounts were hacked, blaming a Sega app called Kingdom Conquest for removing funds, and some users had never downloaded the game. Other apps were blamed for draining accounts too.

Betanews revealed this news a week ago, and dozens of iTunes users reported their account issues. The same problem has been existent since late 2010, but the number of complains has increased significantly since last May.

Some of the victims had their credit card and payment information removed from their account, indicating Apple's awareness of the attacks and its active efforts in protecting the users.

Apple has not responded to Betanews in confirming the issue, despite numerous reports indicating a widespread hack into iTunes. Apple's silence leaves users to speculate on the severity of the issue. On the other hand, Sega has confirmed its ongoing investigation. We are currently investigating this claim as well as some others, but since we have no access to any customer's iTunes account information or transaction histories we highly recommend contacting Apple directly, the company said in its online forum.

Users are reporting their problems in posts on Apple's Support Communities website. The thread is titled iTunes store account hacked. Some posts are shown below:

This happened to me today. I woke up to several emails telling me about payments from my PayPal account. Upon investigation, I found that a free app called Kingdom Conquest had been purchased (quotes because it was a free app) and subsequently several purchases of credits/coins/whatever were made through my iTunes account. They dinged me for about $100 from PayPal and wiped out my iTunes balance as well.

I have filed disputes with PayPal and reported this to Apple. I heard back within an hour from Apple, and they refunded my credit balance. Kudos to them for doing that. I have changed my iTunes password and username. Bizarrely, the hacker (if that's what it was) didn't attempt to lock me out of my account. Thank goodness for that. Be aware, however, that this is ongoing. I was not phished. I have a long, complicated (but not random) password. Still, they got access to my account. Best advice I have outside of disabling your iTunes account is to completely remove any attached credit cards or bank accounts. - Craig Williams

I also had my account deactivated over the weekend. Apple offered no explanation, but I presume this was an attempt to drain my account again. It took 3 days to recover the account this time, and another round of changing passwords and security questions. Now I have my credits, but I'm not in a buying mood and I missed the holiday sales. -lusid

There are ways for the hackers to disguise their IPs, etc. but it should be perfectly clear to Apple that the number of reports of fraud related to unauthorized KindgomConquest purchases on gift cards show a clear pattern of the system being compromised. - carboncanyon

The success of iCloud in the music industry - where Apple is said to be lagging behind - heavily depends on iTunes, as the new iTunes in the Cloud beta software was introduced as a service that allows users to download new music, apps, and buy book on their Apple devices wirelessly, and without syncing. iTunes Match was highlighted by Steve Jobs at WWDC's key note as a service that will scan your computer for music and determine which songs are available in the iTunes store, and adding matched music to the iTunes library.

iTunes' future was bright, and will hopefully remain bright. But Apple will need to calm the swelling complaints from iTunes customers over the hacking storm.