Scammers steal from PayPal accounts of iTunes users

Yesterday reports were flying in that a "major security hole" in iTunes accounts linked to PayPal was being exploited. The problem turns out not to be a "major security hole" associated with iTunes accounts but rather a phishing scam that's actually pretty common. The scammers found a way to charge thousands of dollars to iTunes accounts through PayPal. One particular user who contacted TechCrunch reported 50 charges from PayPal of $99.99 each and luckily caught it in time before his bank distributed the funds to PayPal. Unfortunately, not everyone was able to catch the charges before funds were transferred but PayPal is reimbursing users for the fraud. An Apple spokesman did comment that the company is aware of the issue.


blockquote>"Among other new security measures iTunes now requires more frequent re-entry of a customer's credit card security code," the spokesperson said. "But if your credit card or iTunes password is stolen and used on iTunes, we recommend that you contact your financial institution and inquire about canceling the card and issuing a charge-back for any unauthorized transactions. We also recommend that you change your iTunes account password immediately."

So if you have not already done so, we highly recommend you check to make sure your account is safe and check out Rene's write up on how to minimize the chance of your iTunes account being hacked.


Have something to say about this story? Leave a comment! Need help with something else? Ask in our forums!


Community editor. Tech enthusiast. All-around geek.

More Posts



← Previously

Apple files patent for dual-mode iMac touch

Next up →

iTunes U: over 350,000 files, 300 million downloads

Reader comments

Scammers steal from PayPal accounts of iTunes users


This happened to my sister about a week ago. Luckily, she was able to cancel the charges and get everything reversed. Her problem was a series of in-app purchases.
From now on, both her and I have removed ANY reference to Paypal or credit/debit cards from our iTunes accounts and will ONLY use iTunes gift cards. That way our damage is limited and we can reload as necessary.
It was amazing what she had to go through - Apple didn't have an actual person to talk to (she had to issue a fraud alert through iTunes and submit an online form), and Paypal was initially deferring, saying that because she had authorized Paypal and iTunes together, there was nothing they could do about it.
Apple needs to get their heads straight on this...

From everything I've read, this is just another Phishing scam... nothing more. Of course if it was some app that was the "phisher" and made it appears as though it was for an in-app purchase, that part needs to be discovered. Otherwise, this has nothing to do with iTunes and Paypal directly but with people still falling for phishing scams.

Don't use your bank account if you don't have to in paypal! Protect yourself by using a credit card. You just call the credit card company and say that it was used fraudulently, and that's it.
Paypal tries to push people to use bank accounts instead telling you how safe and convenient it is. Credit cards are safer and just as convenient. Paypal makes more money when you use your bank account. That's the only reason they push you towards the bank.

This is why I have one account just for connecting services like Paypal. There is no guarantee that they will correct problems that arise so I like having their access to my funds being severely limited.

Yes, the "breach" seems like straightforward phishing, rather than any flaw in the iTunes store, but Apple needs to address the other common complaint, as noted by Chris here and by others in most articles - that Apple's post-phishing/post-fraud customer service leaves something to be desired. Jobs likes to boast about how many credit cards are on file with Apple (as he should, it is one heckuva achievement), but with that comes another (difficult) dimension of service responsibilities, one which Apple needs to improve.

This is why i do NOT use paypal,
Further more those bastards take literally FOREVER to "investigate" cases, and when they finally finish, you end up getting SCREWED and the scammers always win.
@$@$# paypal.

I don't use paypal much. But they do suck, I just recently sold a bunch of stuff and they limit your withdrawals for $500 unless you add another account and fill in your social. My guess is to send you a 1099 at the end of the year. Which sucks because what if your grandmother sends you $500 a month and you want to use it for a few other things. They are charging you and filing with the IRS for your grand mother sending you money.
This particular issue is totally phishing. Which sucks. Why can't people just leave things alone?

I wonder just how many of these people were "hacked" because they use their iTunes password and other passwords over unsecured WiFi connections with their iDevices?

From What I have read, this has been going on for some time. I that is indeed the case, Apple and Paypal need to come together and get this solved.
I have also read that it is because of phishing scams. People should know never to give our personal information over email to someone they don't know. You wouldn't give your social security number to a stranger you just met, why would you give your password and credit card info to an anonymous email account? This is why people need to be vigilant about security in the internet. Companies can not be trusted to do it for us.

This is absolutely NOT a phishing scam. It happened to us, and there is no way it is linked to any response on my part. Impossible! I found evidence this was definitely a back door operation. Praises go to PayPal exclusively for their commitment to the people.

I was afflicted by this today -- tons of in-app purchases, up to about $700. It was definitely not a phishing scam, as I use a dedicated, unique login for the iTunes store that I don't use anywhere else. I think there is more to this than is known.
Between Apple, PayPal, and my bank, all is well now. From the PayPal rep's comments today, this was a large scale problem.

I keep telling people, get a gift card or pre-paid credit card. How many times do you have to hear about other people getting burned before you wake up?

I had over $1200.00 taken from my account. Paypal reimbursed and my bank was very helpful in instantly shutting my account. My itunes account is still disabled.

The same crap happened to my brother. His bank was very helpful and he got all his money back but it took him ages and nerves. I have no idea why they don't improve their security systems but I know just one thing - I don't even care about it, we only use paysafecards and gift cards for our online purchases.

My brother recommended I might like this blog. He used to be entirely right. This publish actually made my day. You can not imagine just how so much time I had spent for this information! Thank you!