Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Protect Your iTunes Account Financial Information


  • Please log in to reply
5 replies to this topic

#1 MowGreen

MowGreen

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:35 PM

Posted 07 August 2010 - 11:17 AM

Due to the ongoing issue of iTunes Music Store (iTMS) accounts being hacked we highly recommend that all Credit/Debit card and PayPal account information be removed from the acccount.
Unfortunately, Apple requires that a User creating a new account must enter the aforementioned information. Do so and log out.
Then log back in and remove all financial information.
Here's a video that shows how to setup an iTunes Music Store account.

We also recommend that a Debit card never be used unless the account it's linked to contains a small amount of funds that you are willing to lose.

It takes much less time to enter Credit/Debit card and PayPal information when making a purchase then it does to contact a financial institution for redress if or when an iTMS account is hacked.

One last word of warning ... never do a financial transaction from an unsecured wireless network. The convenience is not worth the risk !

Edited by MowGreen, 12 August 2010 - 12:58 PM.

Steve Wechsler (akaMowGreen)
MS-MVP 2003-2011
Windows Expert - IT Pro
Consumer Security

*-343-* FDNY
NEVER FORGOTTEN

BC AdBot (Login to Remove)

 


#2 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:35 PM

Posted 07 August 2010 - 07:16 PM

Hi Steve,

A clarification please.

Unfortunately, Apple requires that a User creating a new account must enter the aforementioned information. Do so and log out.
Then log back in and remove all financial information.


What about the other sensitive info contained there? Name, address and DOB. Or are the bad guy's really only interested in the financials?

Thanks,
~ t
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 MowGreen

MowGreen
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:35 PM

Posted 09 August 2010 - 11:31 AM

So far the bad guys are only interested in money. When an iTMS account has been hacked

1. Content was charged to a financial or gift card and said content was never downloaded.
2. Content was charged to a financial or gift card and said content was downloaded to a different IP address then the one the Victim normally uses.

All platforms are affected. Some Victims had all Apple devices ( iPod/iPad/iPhone, etc .).
Some Victims had a mixture of devices ( PC/Mac, etc. ).

One Victim I contacted had his iTMS account hacked when doing a transaction from an unsecured wireless internet cafe network while in Europe.
Some Victims never used a wireless connection of any sort to do any transactions, yet still had their iTMS account hacked.
Some Victims only did transactions via an iPad/iPod/iTunes, or Mac.
Steve Wechsler (akaMowGreen)
MS-MVP 2003-2011
Windows Expert - IT Pro
Consumer Security

*-343-* FDNY
NEVER FORGOTTEN

#4 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:35 PM

Posted 09 August 2010 - 12:43 PM

Any idea where the vulnerability resides?
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#5 MowGreen

MowGreen
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:35 PM

Posted 09 August 2010 - 12:56 PM

Just theories and anedoctal evidence ... there may be a vulnerability or vulnerabilities in the iPhone's/iPad's/iTunes software; there may be apps that contain embedded malware. The most commonly used tactic for those who run Windows are emails with malware embedded attachments or phishing emails, supposedly sent from Apple.
Since Apple pushes pre-checked fluff when updates to the iTunes software is pushed out ( Safari, QuickTime, etc. ), a User is then obligated to keep said fluff updated, too.
It would behoove folks to decline unwanted, unneeded fluff when confronted with an iTunes update by unchecking the boxes next to it. Or, be extremely dilligent and ensure that all pre-checked fluff that Apple wants to install is always kept updated to it's latest Version.
Steve Wechsler (akaMowGreen)
MS-MVP 2003-2011
Windows Expert - IT Pro
Consumer Security

*-343-* FDNY
NEVER FORGOTTEN

#6 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:35 PM

Posted 09 August 2010 - 01:25 PM

Extremely helpful info.
Keep us posted.
Thanks :thumbsup:
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users