Monday, April 26, 2010

Apple’s iTunes store lacks fraud prevention

Over the past few years, I have embraced some of Apple’s new technology. Specifically, I bought an iPhone 3G and have loved it.  For better or worse, it has given me a new sense of connectivity to the world.  I can use VPN connectivity to monitor my internal or customer databases from anywhere with a 3G connection.  And the games sure keep the kids entertained while eating at restaurants where the service is slower than anticipated.

The positive side of the iPhone is undeniable.  However, I have now found that the negative side of Apple is also undeniable.  Let me explain.

First, I find it appalling that you cannot make a simple phone call on an iPhone until you register your device through iTunes.  Since I have always been a fan of Napster, I did not have an iTunes account.  So I was forced to open an iTunes account and give Apple my credit card information BEFORE I COULD EVEN MAKE A SINGLE PHONE CALL.  What?!  Really?? Horrible business decision.

Fast forward a year, and I have upgraded to an iPhone 3GS, handing down my iPhone 3G to my wife.  (She originally got a brand new 3GS, but had it stolen within 3 weeks.  Apple and AT&T were incredibly reluctant to help recover the stolen device, but that is another blog post.)

One day, my App Store icon on the iPhone 3GS tells me that I have 5 application updates available.  So I proceed to attempt to download them by entering my iTunes password.  Upon entering my password, iTunes tells me that the Apple ID or password is invalid.  Several failed attempts later, iTunes takes me to https://iForgot.apple.com, to help me recover my Apple ID password.  When I enter my Apple ID (the same Apple ID that was used by the App Store app to inform me of the updates in the first place), the website tells me:

“The Apple ID you entered DOES NOT EXIST.”

Excuse me?  My iPhone is using that ID.  iTunes on my Windows 7 desktop is using that ID.  How does it not exist?  So I promptly email Apple technical support.  Their response:

“After careful review, I found that you are being told “<your email address>” does not exist because, quite simply, it doesn't. I noticed that your account, which was formerly named “<your email address>” was actually renamed to be “<non-existent email address>”.”

Um, WHAT?  Why would I rename my account?  How and when did this happen?  Again, Apple’s tech support response:

“Regrettably however, I am not able to provide any information about account activity, including when this change was made. However, I am more than happy to get this all sorted out for you.”

So after answering a myriad of security questions, Apple Technical Support was kind enough to reset my password on the account using the <non-existent email address>.  When I logged into my iTunes account, I was met by a prompt to download my pre-order of Avatar.  Again, WHAT?  I’ve not pre-ordered Avatar.  So I look at my Order History, and my jaw hits the floor.

[Image: iTunes Order History]

If my calculator is correct, between 4/15 and 4/16 I purchased $353.51 worth of new content from iTunes!?!

Holy Shit!?!  Really?  My single largest purchase from iTunes in the previous 2 years was $5.98.  Suddenly, I went on a spending spree of $353.51?! 

Oh, and that happens to coincide with the following account activity:

  • Changing the account email address / name;
  • Changing the account password;
  • Changing the account security question;
  • Changing my birthday on the account (which Apple uses as a secondary security question)

How much more of a fraud alert does someone need?  Apple did not send me a single confirmation email when any of my security information was changed.  They did not confirm the new email address (as the new one obviously doesn’t exist).  They did not detect a nearly 60x increase in my spending habit.  And they didn’t bother to realize THAT ALL HAPPENED AT THE SAME TIME.
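The pattern described above (several security attributes changed within minutes, an unverified new contact address, then a burst of purchases far above the account's history) is exactly what an account-takeover detector should key on. The following is an added example, not Apple's code or anything from this post: a hypothetical detector run over a constructed event log shaped like the one in the post. The event names, the 48-hour window, the 10x spike factor and the dollar amounts are all assumptions chosen for illustration.

```python
"""Hypothetical account-takeover detector over a constructed event log.

Not Apple's code. It raises four signals the post says were missed:
an unverified email change, several security attributes changed in one
window, spend far above the account's historical maximum, and purchases
that begin right after the security changes.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed event kinds; any real store would have its own names.
SECURITY_CHANGES = {"email_change", "password_change",
                    "security_question_change", "birthday_change"}


@dataclass(frozen=True)
class Event:
    ts: datetime
    kind: str              # one of SECURITY_CHANGES or "purchase"
    amount: float = 0.0    # USD, purchases only
    verified: bool = True  # for email_change: did the new address confirm?


def takeover_signals(events, historical_max_purchase,
                     window=timedelta(hours=48), spike_factor=10.0,
                     min_distinct_changes=2):
    """Return {signal_name: detail} for one account's events.

    historical_max_purchase is the largest single purchase the account
    made before the period under review (the post's figure is $5.98).
    """
    signals = {}
    changes = sorted((e for e in events if e.kind in SECURITY_CHANGES),
                     key=lambda e: e.ts)
    purchases = sorted((e for e in events if e.kind == "purchase"),
                       key=lambda e: e.ts)

    # Signal 1: the contact address was changed but never confirmed,
    # so every later notification goes to an address nobody controls.
    for c in changes:
        if c.kind == "email_change" and not c.verified:
            signals["unverified_email_change"] = c.ts
            break

    # Signal 2: several distinct security attributes changed inside one
    # window. Any single change can be legitimate; a cluster rarely is.
    for first in changes:
        cluster = {c.kind for c in changes
                   if first.ts <= c.ts <= first.ts + window}
        if len(cluster) >= min_distinct_changes:
            signals["clustered_security_changes"] = sorted(cluster)
            break

    # Signal 3: total spend in any window exceeds spike_factor times the
    # largest purchase the account has ever made.
    max_window_total = 0.0
    for first in purchases:
        total = sum(p.amount for p in purchases
                    if first.ts <= p.ts <= first.ts + window)
        max_window_total = max(max_window_total, total)
    max_window_total = round(max_window_total, 2)
    if purchases and max_window_total > spike_factor * historical_max_purchase:
        signals["spend_spike"] = max_window_total

    # Signal 4: the spike began within the window after the first
    # security change, which is the takeover ordering.
    if "spend_spike" in signals and changes:
        after = next((p for p in purchases if p.ts >= changes[0].ts), None)
        if after is not None and after.ts - changes[0].ts <= window:
            signals["purchases_follow_security_changes"] = True
    return signals


def compromised_account():
    """Constructed log shaped like the post: four changes, then $353.51."""
    t0 = datetime(2010, 4, 15, 10, 0)
    m = lambda n: t0 + timedelta(minutes=n)
    amounts = [129.99, 99.99, 49.99, 39.99, 19.99, 9.99, 3.57]  # sums to 353.51
    return [
        Event(m(0), "email_change", verified=False),
        Event(m(2), "password_change"),
        Event(m(3), "security_question_change"),
        Event(m(5), "birthday_change"),
    ] + [Event(m(30 + 120 * i), "purchase", a) for i, a in enumerate(amounts)]


def benign_account():
    """Constructed log: one password change and two small purchases."""
    t0 = datetime(2010, 4, 15, 10, 0)
    return [
        Event(t0 - timedelta(days=30), "purchase", 2.99),
        Event(t0, "password_change"),
        Event(t0 + timedelta(days=1), "purchase", 5.98),
    ]


if __name__ == "__main__":
    print(takeover_signals(compromised_account(), historical_max_purchase=5.98))
    print(takeover_signals(benign_account(), historical_max_purchase=5.98))
```

Each signal on its own is a reason to hold the order for review; all four together within an hour is the case where an automated hold and an out-of-band confirmation to the old address should fire before any charge settles.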

When I alerted Apple to what happened, here is their response:

“I now understand you are concerned about purchases that were made with your iTunes Store account without your permission or knowledge. I truly am sorry to hear that this has happened to you.

To prevent further purchasing, I have disabled your account. Please note that your iTunes account can be enabled in the future by providing specific information to iTunes Store support.

I urge you to contact your credit, debit, or payment card issuer as soon as possible to inquire about canceling the card or account and removing the unauthorized transactions. You should also ask them to launch an investigation into the security of your account. The iTunes Store cannot reverse the charges.”

iTunes CANNOT REVERSE THE CHARGES?  I am informing Apple of fraudulent charges, and their response is “we disable your account and ask you to cancel the credit card, otherwise we are keeping the money”.  I find this just slightly unacceptable.

Even better is this gem at the bottom of their email:

“I hope the information I've provided proves to be helpful to you Jeff, and that you are able to resolve this matter with the help of your card issuer. When you are confident the matter is resolved, please return to the Apple Account Information page, click the Edit Payment Information button, and enter your billing information.”

Why YES INDEED, the information you have provided has been more than helpful. You want me to log into my compromised account, and GIVE YOU MY NEW CREDIT CARD INFORMATION!?   Hey Apple, GO FUCK YOURSELF.

6 comments:

Tartley said...

Holy crap. Thanks for the heads-up. Hope your credit card issuer is more helpful.

Jamie said...

William did it :)

Jeff Benjamin said...

I have a similar story that happened in the last four days. I have a platinum AMEX card for business that I rarely use, only for purchasing computer equipment. I had only used it recently to purchase a fully loaded, new MacBook Pro (on 4/16). I had not used the card in the last 120 days for anything else.

On 4/23 and 4/24 someone used my AMEX to run up over $7,000 of charges in two days. Over $5k of building materials in Atlanta, Georgia and what appears to be plane tickets for an escort to fly out from Los Angeles to visit them. I caught it 4/25 and it is with AMEX fraud department now. I also filed police reports in my home town and Atlanta in hopes that someone will go to jail for this.

Bottom line though, it is a very high probability that my credit card information was compromised via Apple. It was not via my iTunes account like you and many others are reporting on the forums in the last few months, but through the Apple Store itself. I have since removed my personal credit card info from my iTunes account to be safer than before. It'll be a pain to purchase tunes now, but it is not a requirement to have it on file.

Martin said...

I've just had the same experience as Jeff, only my c/card data has been stolen. It was only used on the App Store and Apple are useless at trying to provide any decent customer support or help.

Pete Bilderback said...

Sorry to hear of your experience, I came across this post while preparing a blog post on my own very similar experience. My account name and password were changed, and someone charged over $1,000 worth of music, movies and apps in just a few hours. My credit card called me to report the suspicious activity and reversed the charges.

Apple's customer service was of no help whatsoever. After my credit card company disputed the charges, they closed my account without contacting me. I have not been able to get Apple to reactivate my account (or even respond to my emails), so now any movies or protected aac music files I "bought" from iTunes in the past are inaccessible to me.

This is kind of like my local record store owner breaking into my house and taking back all the LPs he's sold me over the years because we had a billing dispute on another item.

You are far from the only person to have experienced this. The government of Japan has even made an official inquiry about this problem. Unfortunately, consumer protection laws in the US are stacked in favor of large corporations like Apple, so you have very little recourse.

The one person I managed to get on the phone from Apple told me that if my iTunes account was compromised, it would be "the first time in history" that had ever happened to anyone.

bconfer said...

SAME exact thing happened to me. My Store Country was changed to China and most of the apps were Chinese. All signs point to the account being hacked into via the backend. No warnings from Apple. I've since changed my password on all other websites I frequently use, and every single one of them sent me an e-mail warning me that my password was changed. Here's the best part of my story - Apple cancelled my account pointing to their Terms of Service in which it says I am responsible for my account and any unauthorized charges are my fault. So now I have $400 of legitimate iTunes apps that can no longer be updated.