Hacked Off

I’m in Paypal / iTunes hell.

On my birthday someone made over $160 of unauthorized charges by purchasing music on itunes. It was paid using my paypal account, which I use as the default payment for iTunes.

Apparently there’s a well known glitch in iTunes security that allows hackers to use someone’s birth day to hack their password. It’s happened to more than just me.

Paypal denies that these 4 charges ($40, 40, 40 and $20) were unauthorized. iTunes refuses to talk to anyone but Paypal about it, and paypal refuses to talk to anyone because the cases are closed. They closed them the same day they opened them, by the way. Way to do some intensive forensic research, Paypal…

It seems that once a hacker knows a victim’s birthday, they can hack in and change the security questions in an iTunes/Apple account, and then all hell breaks loose. It’s been documented online by folks whose accounts were hacked AND security questions were changed, but from what I can see, Apple is still denying it’s a problem.

I love Apple. Love my mac, love my ipod touch, love how they enhance my life. I do NOT love the runaround I’m getting on this. This was DEFINITELY not a case of my paypal account being hacked, or someone hacking into my computer – it’s an iTunes problem.

Paypal is – as usual – not a lot of fun to deal with, but the problem is definitely on Apple’s end. I did, hope, however for more protection from paypal.

Anyone else have a similar iTunes story, I’d love to collect them and publicize them as much as possible.

The only phone number I was given by Apple (ostensibly for their fraud department) was a message-only line giving a fax number for Law Enforcement, not for “ordinary” customers.

Is filing a police report my next step? Does anyone know if there’s a class action on this? I’m thinking there must be a LOT of folks affected by Apple’s lack of security.

If you enjoyed this post, make sure you subscribe to my RSS feed!