Our new Indie Games subforum is now open for business in G&T. Go and check it out, you might land a code for a free game. If you're developing an indie game and want to post about it, follow these directions. If you don't, he'll break your legs! Hahaha! Seriously though.
Our rules have been updated and given their own forum. Go and look at them! They are nice, and there may be new ones that you didn't know about! Hooray for rules! Hooray for The System! Hooray for Conforming!

Ugh identity theft

silence1186silence1186 Character shields down!As a wingmanRegistered User regular
edited July 2011 in Help / Advice Forum
Fuck it all, help me minimize damage, please?

I just got an email from apple saying my account had been used to purchase an app on a computer never before authorized to the account. Low and behold, my iTunes balance is going down. I am seriously concerned not just about my itunes account balance, but other, more real financial accounts I possess.

I just ran crap cleaner, which takes 5 minutes.
I am now running Kapersky anti virus, which takes 1-2 hours to do a full clean.
I was planning to run Ad-Aware, which takes 3-5 hours to do a full clean.

Ugh, I'm sick to my stomach over this.

3DS Friend Code: 1891-2359-4305
3DS Friend Name: BiggsWedge
Pokemon Y In-game name: Biggs, Shiny ID: 475

Posts

  • JaysonFourJaysonFour Classy Boatrower-Kitteh Registered User regular
    Have you checked to see if you can still acess your account? Only check that account, though- if it's a trjan or something, no sense in just handing over the rest of your accounts to it.

    Get to a known-clean PC and change your passwords, especially your Apple account. I';d also see if Apple has a phone number you can call to get help on thier end, such as doing whatever they can do to stop any more content from being bought with your monies.

    Cross your fingers and just hope the only thing they got was your Apple account, too.

    steam_sig.png
  • interrobanginterrobang kawaii as  hellRegistered User regular
    definitely talk to apple about it

    someone from china got into my itunes account a few months ago and spent $50 of my itunes credit - a quick call to apple support had them return my credit, freeze my account so whoever had access to it couldn't go buying shit AND i got to keep the apps the thief bought in the first place!

  • silence1186silence1186 Character shields down! As a wingmanRegistered User regular
    definitely talk to apple about it

    someone from china got into my itunes account a few months ago and spent $50 of my itunes credit - a quick call to apple support had them return my credit, freeze my account so whoever had access to it couldn't go buying shit AND i got to keep the apps the thief bought in the first place!

    How do you contact apple? They only seem to have email support.

    I changed my password instantly when I got the email saying "you have just purchased X app." Though it was on this particular computer, which is the supposed compromised one. I don't really have access to another "clean" computer, since the other users in my household are more irresponsible than me.

    I don't understand how this can happen, I have no script, I routinely clean my computer for spyware et al.

    3DS Friend Code: 1891-2359-4305
    3DS Friend Name: BiggsWedge
    Pokemon Y In-game name: Biggs, Shiny ID: 475
  • exisexis Registered User regular
    definitely talk to apple about it

    someone from china got into my itunes account a few months ago and spent $50 of my itunes credit - a quick call to apple support had them return my credit, freeze my account so whoever had access to it couldn't go buying shit AND i got to keep the apps the thief bought in the first place!

    How do you contact apple? They only seem to have email support.

    Try technical support? They could point you in the right direction.

    XBL: ecksys | LoL: deyur | Path of Exile: deyur | Check out our Kiwi games podcast
    camo_sig2.png
  • silence1186silence1186 Character shields down! As a wingmanRegistered User regular
    edited July 2011
    So virus and spyware sweeps of my computer turned up nothing. I'm not sure what to do from here.

    E: Upon calling Apple, they tell me they don't really have phone support for this sort of thing, and that I have to use email. So much for getting ahead of this.

    silence1186 on
    3DS Friend Code: 1891-2359-4305
    3DS Friend Name: BiggsWedge
    Pokemon Y In-game name: Biggs, Shiny ID: 475
  • EsseeEssee The pinkest of hair. Victoria, BCRegistered User regular
    I don't understand how this can happen, I have no script, I routinely clean my computer for spyware et al.

    With things like WoW accounts, for example, you often get people who definitely have their machines locked down, but still have their account broken into anyway (a good friend of mine had this happen a couple months back, and I know how careful he is). It seems like the "hackers" often try to brute-force people's passwords without actually putting spyware onto anyone's computer, so ANYONE can have that happen to them. Naturally, it's much easier for them to grab control of an account if you have a weak password. Did the password for your iTunes account (and possibly also your e-mail and similar accounts) have any symbols in it? Having a password be fairly long and have symbols in it increases the work required by someone to break into your accounts exponentially. They can still get in if they spend long enough, but it's much quicker for them to just brute-force a password like "badpassword" than "+H!$!$83++3Rp@$$w0rD", if the site allows it (unfortunately, some sites don't allow you to use certain symbols, so you may have to experiment with what you make for a while to get symbols in there).

    Good on you for having NoScript, by the way! It's a very important piece of security.

  • silence1186silence1186 Character shields down! As a wingmanRegistered User regular
    I've changed several of my passwords in response to this, and I always try to use some combination of letters, numbers, and symbols, arranged into a word. Replacing "a" with "@", o with zero, etc., throw in some punctuation in a random order somewhere in there.

    I should probably just keep a physical notebook with my computer at home with passwords, so I can use more complicated long passwords I will never remember.

    So someone could have just magiced up my apple id from somewhere (no clue how), and just brute forced my password? Blah, anything to prevent that in the future?

    And yeah, I love NoScript.

    3DS Friend Code: 1891-2359-4305
    3DS Friend Name: BiggsWedge
    Pokemon Y In-game name: Biggs, Shiny ID: 475
  • B:LB:L Registered User regular
    Are you sure that your computer is compromised?

    I've heard rumors of apps that could steal your itunes info, usually Chinese apps. Have you downloaded any strange or unusual apps recently?

    10mvrci.png click for Anime chat
  • silence1186silence1186 Character shields down! As a wingmanRegistered User regular
    B:L wrote:
    Are you sure that your computer is compromised?

    I've heard rumors of apps that could steal your itunes info, usually Chinese apps. Have you downloaded any strange or unusual apps recently?

    I don't have any apps aside from the iBook app that comes on the iPod, and I downloaded a metronome app because it was free, just to see how the app store works, and that was months ago. I've only downloaded music since that, and not since a month ago.

    3DS Friend Code: 1891-2359-4305
    3DS Friend Name: BiggsWedge
    Pokemon Y In-game name: Biggs, Shiny ID: 475
  • spool32spool32 Contrary Library Registered User regular
    If you're using Chrome, you might want to consider LastPass. As long as your master pw isn't compromised on the LastPass server, the rest of them can be insanely secure 30char random strings. LP will remember them for you.

    Successful Kickstarter get! Drop by Bare Mettle Entertainment if you'd like to see what we're making.
  • silence1186silence1186 Character shields down! As a wingmanRegistered User regular
    Using firefox, is there an equivalent program?

    And how would the master pw be compromised on the LastPass server?

    3DS Friend Code: 1891-2359-4305
    3DS Friend Name: BiggsWedge
    Pokemon Y In-game name: Biggs, Shiny ID: 475
  • spool32spool32 Contrary Library Registered User regular
    Using firefox, is there an equivalent program?

    And how would the master pw be compromised on the LastPass server?

    Somebody'd have to hack LastPass. Unlikely, but anybody who is storing tons of master passwords and a user database is going to be a bit of a target, eh?

    Successful Kickstarter get! Drop by Bare Mettle Entertainment if you'd like to see what we're making.
  • EsseeEssee The pinkest of hair. Victoria, BCRegistered User regular
    Using firefox, is there an equivalent program?

    You'll notice that when you hit "download" on their site, they definitely have a Firefox plugin (and I think that's what it was at first, but maybe the standalone program came first): https://lastpass.com/misc_download.php

    The only way your password is likely to be compromised is if LastPass's database gets hacked, which ideally wouldn't happen with the security they must have in place (but naturally, someone getting into their system would be hitting the jackpot).

  • silence1186silence1186 Character shields down! As a wingmanRegistered User regular
    Thanks everyone for your advice so far. I'm not sure if anything I've done has helped, but apple supposedly will email me by tomorrow.

    3DS Friend Code: 1891-2359-4305
    3DS Friend Name: BiggsWedge
    Pokemon Y In-game name: Biggs, Shiny ID: 475
  • SyrdonSyrdon Registered User regular
    On a password security note, badBADb4dB$D is much better than Cr4nfaCH&ACM simply because you'll be able to remember the first (although, except for the odd clustering of Cs, the second is likely more random). You can make either of those better simply by repeating them once (although, I'm not sure how many places allow 24 character passwords).

    LastPass is a nice way to go, on firefox there's also the default password manager. To enable it, look under tools, then security.

  • DarlanDarlan Registered User regular
    I don't want to make this more of a headache for you, but are you sure it isn't worth the time to backup your most important stuff and reformat? It's not nearly as painful of a process as it used to be, and it would probably give you some peace of mind. Hang in there, though, I know what it's like. Earlier this year I had someone hack my WoW account and soon after try (and fail, thankfully) to use my debit card. I'm still kind of stressed out about it, but things seem okay and it prevented me from wasting money on giving WoW another try, which I guess is a plus.

    Anyways, best of luck!

    steam_sig.png
  • silence1186silence1186 Character shields down! As a wingmanRegistered User regular
    The only thing I have that's super important is my music really. There used to be programs that could pull your music back off your ipod and put it onto a reformatted computer.

    3DS Friend Code: 1891-2359-4305
    3DS Friend Name: BiggsWedge
    Pokemon Y In-game name: Biggs, Shiny ID: 475
  • silence1186silence1186 Character shields down! As a wingmanRegistered User regular
    So it's been over 24 hours since I reported the fraud, and all I've received is a receipt from the itunes store, nothing about the case I opened. Is this normal?

    3DS Friend Code: 1891-2359-4305
    3DS Friend Name: BiggsWedge
    Pokemon Y In-game name: Biggs, Shiny ID: 475
Sign In or Register to comment.