iTunes account hacked - how?

Posted on 4/22/17 at 9:29 am
Posted by PJinAtl
Atlanta
Member since Nov 2007
12752 posts
I wake up this morning to a flurry of emails from Apple saying the password for my Apple ID has been changed and my iTunes account was used to purchase items from an iPhone in China.

I log on and immediately go to the Apple website, change my password and then get on support chat. We look at the two purchases made overnight that wiped out about $55 worth of funds from redeemed iTunes giftcards. They say the funds will be put back on the account within 24 hours.

I just finished a complete sweep of the computer (Win 7) with MalwareBytes (updated to latest threat database) and it didn't find anything.

I only have iTunes on this computer, and then synch it with an iPod Nano. Don't have an iPhone, don't have iTunes on any other device.

How did my account get compromised? Is Apple vulnerable to brute force attacks or was there a hack of Apple back when the Fappening stuff was done that never got publicized? Is there a possibility that there is something on my computer that MalwareBytes missed?
Posted by colorchangintiger
Dan Carlin
Member since Nov 2005
30979 posts
Posted on 4/22/17 at 10:14 am to
Turn on 2 factor authentication. Don't have your password be 123456
Posted by SG_Geaux
Beautiful St George
Member since Aug 2004
77987 posts
Posted on 4/22/17 at 10:36 am to
quote:

iTunes account hacked - how?



LINK
Posted by NOLAGT
Over there
Member since Dec 2012
13540 posts
Posted on 4/22/17 at 2:43 pm to
quote:

SG_Geaux
Posted by PJinAtl
Atlanta
Member since Nov 2007
12752 posts
Posted on 4/22/17 at 4:01 pm to
I saw that thread yesterday, but I never go to the Apple or iTunes website - I only use iTunes for music, and always buy it directly from the program on the computer. I also never follow links in emails - always type URLs directly into my browser or use bookmarked sites.

I did not have two factor authentication turned on (do now) and I thought my password was fairly strong - 9 characters, mixture of uppercase, lowercase and numbers.

Anyway, I guess it was just my turn. Very strange. Luckily it was only gift card balance funds that were used and not charged to a credit card.
Posted by MaroonWhite
48 61 69 6c 20 53 74 61 74 65 21
Member since Oct 2012
3693 posts
Posted on 4/22/17 at 9:24 pm to
Have you ever reused that password for anything else?

If so, if that other account was hacked and they got your login information, they will try to use those same credentials for other common sites such as Amazon, Apple, Facebook, etc.
Posted by gmrkr5
NC
Member since Jul 2009
14892 posts
Posted on 4/24/17 at 9:53 am to
what this guy said^^^

have you used that password and do you maybe have a LinkedIn or Yahoo account?
Posted by Tanker225
Baton Rouge
Member since Nov 2014
65 posts
Posted on 5/8/17 at 5:08 pm to
I'd guess that you reuse the same password across multiple sites.
Posted by efrad
Member since Nov 2007
18645 posts
Posted on 5/8/17 at 5:24 pm to
If you use the same password for multiple sites, it doesn't even matter if you are hacked; the site could be hacked and they can obtain your password hash from the site's database. Using various techniques they will find out your actual password from this hash. They will then have your email address and commonly used password and will try it on other sites.

1) Use a unique password for every site.
2) Use a very long, very complex password to make it more difficult to obtain from the hash.
3) Use a password manager program to store your passwords, as if you don't have one the above two points are really difficult for a normal human being.
4) Turn on two-factor authentication for all sites that offer it. That way, they need to both get your password and have access to your telephone in order to compromise your accounts. You'll also know if someone obtained your password if the authentication request shows up on your phone and you didn't trigger it. You can then change the password.
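An added example, not part of any poster's message: a small audit that shows which accounts share a password and which of them become exposed when one site's database leaks, as described in the posts above. The vault contents and the names `SAMPLE_VAULT`, `reuse_groups` and `exposed_by_breach` are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample export from a password manager: (site, login, password).
# Every site name, login and password here is made up for the example.
SAMPLE_VAULT = [
    ("store.example", "user@mail.example", "Spring2017x"),
    ("forum.example", "user@mail.example", "Spring2017x"),
    ("jobs.example", "user@mail.example", "Spring2017x"),
    ("bank.example", "user@mail.example", "r7#Qv!2mLz0&Tp9wKd4s"),
    ("mail.example", "user@mail.example", "Blue-Heron-44"),
    ("photos.example", "user", "Blue-Heron-44"),
]


def _fingerprint(key, password):
    # Keyed HMAC: lets the audit compare passwords without holding plaintext
    # in the grouping table. The key is random per run and then discarded.
    return hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()


def reuse_groups(vault):
    """Return sorted lists of sites that share one password (groups of 2+)."""
    key = secrets.token_bytes(32)
    groups = defaultdict(list)
    for site, _login, password in vault:
        groups[_fingerprint(key, password)].append(site)
    return sorted(sorted(sites) for sites in groups.values() if len(sites) > 1)


def exposed_by_breach(vault, breached_sites):
    """Sites not breached themselves but sharing a password with one that was."""
    breached = set(breached_sites)
    exposed = set()
    for sites in reuse_groups(vault):
        if breached.intersection(sites):
            exposed.update(s for s in sites if s not in breached)
    return sorted(exposed)


if __name__ == "__main__":
    for group in reuse_groups(SAMPLE_VAULT):
        print("shared password:", ", ".join(group))
    print("exposed if jobs.example leaks:",
          exposed_by_breach(SAMPLE_VAULT, ["jobs.example"]))
```

Every site listed by `exposed_by_breach` needs a new, unique password; an empty result for a given breach means that password was not reused anywhere else in the vault.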
Posted by RussianFromLSU
Baton Rouge, LA
Member since Nov 2014
192 posts
Posted on 5/10/17 at 11:36 am to
#1 probably the best advice here.

Helps assure multiple accounts of yours won't get pwned if SHTF.