I make no bones about the fact that I have, what I thought to be, an irrational dislike of Apple products. However, the experience of someone I follow on Twitter has convinced me that there may be substance to my position.
This morning @RichardJohn awoke to find a series of around 15 emails from Apple's iTunes, each one telling him he'd just bought an £85 app from Storm8 LLC. They were all less than an hour old.
Whilst an initial telephone contact with iTunes gave much promise that they would help to resolve the issue, a later email told him that he would have to take it up with his Credit Card company to get the transactions cancelled. iTunes is, by implication, denying that the issue is their fault.
A very quick Google search suggests that @RichardJohn is not the first to suffer this type of fraud on iTunes. Indeed, not only has this fraud become significantly more common in the last month or so, but supplier Storm8 LLC is associated with a number of these frauds, as it is their products being purchased.
The frequency of these frauds would suggest that this is not a case of someone being a little careless with their account details but, quite possibly, a systemic weakness in iTunes' account security. At the very least, their fraud detection is crap. Seriously, who in their right mind would buy the same £85 app from a supplier 15 times in a 60 minute period? Does iTunes not monitor buying patterns to look out for fraud?
You'd think that Apple/iTunes would want to stamp out a fraud of this type before it affected the reputation of its service. However, despite a number of high profile blogs reporting the increase in this fraud recently, very little appears to be being done. iTunes has booted off one or two obviously dodgy developers. They have not, however, done anything about Storm8 LLC.
Apple's hesitancy could be because Storm8 does produce and distribute some genuine, reasonable apps. I had its World War game on my HTC Desire for a while. It makes its money from selling "in-game" currency or points (as Farmville does on Facebook). And it's the purchase of this that seems to be the subject of the fraud.
However, with the incredibly tight strangle-hold that Apple typically has over its markets, it would surely not be difficult to reverse out such obviously fraudulent transactions. If it was to deprive Storm8 of the revenue from these it would encourage Storm8 to investigate what is going on. With Storm8's help it surely can't be too difficult to trace where the benefit of these purchases is going and prosecute the perpetrators.
But this all hinges on Apple's & iTunes' willingness to accept that there is a problem and address it. Something Apple is not known for. It would rather deny the existence of a problem, push the blame somewhere else and address it only if and when there is a real upswell of public / media pressure.
Well, I can't wait for that. I, stupidly, used my bank debit card on my iTunes account. If someone was to run up a £1000 bill on that it would cripple me financially and I couldn't afford to wait the 2 to 4 weeks it would take to get my bank to reverse out the transactions. So I'm going to cancel my account.
I don't feel comfortable simply removing my card details. I want to delete my account completely.
Typically, they don't make this easy. There is no "Cancel my account" button.
Apparently you have to contact Apple from this page and tell them you wish to cancel your account. Something I will be doing this weekend.


Thanks for bringing this to more people's attention.
Storm8 have in fact been banned from the app store for fraud before, but have somehow been allowed back on?!
Fraud aside, there is currently a class action suit (http://dockets.justia.com/docket/california/candce/3:2009cv05234/221193/) pending against them for their applications stealing phone numbers from customers' contacts!
Apple's conduct in this has been astounding though.
"If you are sure that these purchases were not made by accident and you don't know who purchased them, consider these charges as fraudulent. Then, I urge you to contact your credit, debit, or payment card issuer as soon as possible to inquire about canceling the card or account and removing the unauthorized transactions.
You should also ask them to launch an investigation into the security of your account. The iTunes Store cannot reverse the charges directly for those purchases without chargeback orders from your credit or debit card issuer." — I believe in this situation it is actually Apple's requirement both legally and as part of the Visa merchant programme to investigate and refund fraud internally. They are flat out refusing to deal with this, but they're a big company with no phone number, so they can.
The suggestion from Apple seems to be that the problem lies with the security of your card details, yet it is clearly the iTunes account that has been hacked. The fact that the card has been used fraudulently is a side effect.
The responsibility for the fraudulent transactions clearly lies with Apple in my opinion.
If anyone has been a victim of fraud, whether it's iTunes fraud or something else, they should report it to Action Fraud (www.actionfraud.org.uk) - which is the national fraud reporting centre.
Some people feel too embarrassed to report being a victim of fraud, but it's really important because reporting it helps to catch those who are responsible. Not to mention that money from fraud can go towards funding serious crimes like human trafficking, illegal firearms trade and terrorism.
There's loads of info about fraud on Action Fraud's website, including fraud news and scam alerts, an A-Z of fraud and an online fraud reporting form (which gives you a crime reference number if you report a fraud).
Grah. I woke up this morning to find my iTunes account compromised, and my PayPal account dinged for just over $2200 in fraudulent charges (for, what else, points in Storm8's World War game).
I've read elsewhere that this has been going on since AT LEAST early July, and that Apple has claimed only 400 accounts were hacked. I don't buy that for a second.
Seems to me that if Apple actually knew WHICH accounts had been hacked, HOW they were hacked, and didn't merely want to protect their shareholders, they would've warned the owners of the compromised accounts, so that we could've taken proper precautions.
This same fraud happened to me this week. I had 32 transactions for $149.99 each for World War and iMobsters, both by Storm8 LLC. It has been over 72 hours and Apple has still not replied to me. $4800 of my money and Apple doesn't seem to care.
Went to buy something on UK App store today but found that my account had been wiped clean. 3 purchases of Storm8 LLC apps totaling £80. Luckily my credit card was not used as I had £80 in gift vouchers.
Hey,
Tonight my phone woke me up with a bunch of email alerts. When I looked at the email it was two PayPal charges for $99.99 each. I immediately changed my PayPal password within like 5 minutes of getting the first email.
Guess who the payments were made out to? You guessed it. Storm8.
I have a feeling it would have been more if I hadn't changed my password so fast.
I reported the charges to PayPal,
I've just had the rather curt email from Apple saying that a purchase was made today on a PC that is not currently authorised to my AppleID. (Why allow it is the first obvious question).
On closer inspection, it seems that about £15 of credit from a gift card has been spent on an app and in-game purchases for some random Chinese app.
Immediately changed my password, but alarmingly, when in my iTunes account I noticed that all my payment information is now blank. Slightly concerned as to where it's gone and why. A bit of time on Google suggests this is common for those hacked, but no idea if it's Apple security removing automatically, or if the details have been stolen. So it's off to the bank for me to cancel my debit card.
If anyone can shed any light on the missing payment details I'd appreciate it.
Andy