37 responses

  1. Lazza
    January 12, 2012

    I have had exactly the same problem today. XD Anyway, I didn’t ask for a password reset, because I don’t want to look like I’m the owner of that account. :-\

  2. FooBar
    January 12, 2012

    It seems the OpenBSD list also received this notification. :-)

  3. Lazza
    January 12, 2012

    Sounds legit, since OS X is a BSD rip-off. 😀

    • Antonio Cangiano
      January 12, 2012

      I’ll get the extinguisher. Just in case. :)

      • Lazza
        January 12, 2012

        LOL I don’t want to flame, I was just talking abouth the common codebase both systems share. :) Pun intended. 😛

  4. Scott Fenne
    January 12, 2012

    There was an issue a while ago that would allow a malitious site to add a forwarding email filter in a the users Google account. Maybe this is going on with your account? Although you would have had to be logged in to your old email account for this to work.
    Here is a link:
    http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique/

    • Lazza
      January 12, 2012

      That’s very interesting, but I’m not sure it’s related. There are a LOT of people complaining about that, and it sounds unreal that a big site such as Google, Ebay or Facebook could be “infected” by that exploit.

    • Antonio Cangiano
      January 12, 2012

      No filters and no forwarding (other than to my main email account), and I never login into that account. No pop3 or imap either.

  5. Rob
    January 12, 2012

    Are you sure this isn’t the accidental work of some intern at Apple testing the Apple ID registration system?

    “John Dillinger” sounds more like the kind of thing a programmer would use to amuse themselves in a test than something a spammer or hacker would use when trying to avoid suspicion.

    I haven’t used names of famous criminals in my code testing, but I have used superheroes, strange animals and tech companies.

    • Miguel
      January 12, 2012

      I don’t think it’s a test; I’ve had the exact same thing happen myself, and there’s nothing funny about my name, gosh darn it. I changed the password and forgot about it, and that’s the last I’ve heard of it. Haven’t checked to see whether the password still works, but I assume I would have received an email notification if it had been changed again.

    • Lazza
      January 12, 2012

      I don’t think an intern would use the email addresses provided for downloading iTunes or something like that to bulk create a lot of new user accounts. :)

  6. piero
    January 12, 2012

    Same here, with a seldom used gmail account. In Gmail you can check a log of account activity, with IP addresses, and there’s nothing suspicious in mine.

    • Antonio Cangiano
      January 12, 2012

      Yeah, that’s the first thing I did, and it was clean.

  7. Carlo
    January 12, 2012

    mmmm same problem for me… the email used as AppleID is ****@email.it and that account is frequently checked by gmail web interface thanks to pop3. Any Clues?

  8. ivanhoe
    January 12, 2012

    The fact that you can’t delete your Apple account yourself is very scary by itself, even without any hackers in the story… I’m pretty sure such policy is illegal, at least in EU… you should check Canadian laws on privacy, and see if you can force them to erase the account

    • huxley
      January 12, 2012

      According to the Canadian Privacy policy

      “Access, correction, or deletion requests can be made through the regional Privacy Contact Form.”

      http://www.apple.com/ca/privacy/contact/

      Tell them you didn’t create that account and never gave anyone permission to, that you are concerned it may be impersonation or identity theft. If they don’t respond to you saying they’ll delete it, then tell them you will contact TRUSTe to file a complaint:

      “If you have questions or complaints regarding our Privacy Policy or practices, please contact us. If you are not satisfied with our response, you can contact TRUSTe.”

      http://watchdog.truste.com/pvr.php?page=complaint

      Not that it guarantees you will get satisfaction but it might move things further than you’ll get with a call-center employee.

  9. Ben
    January 12, 2012

    Someone registered an Apple account with my email address as well. This was a couple years ago. At first, I didn’t care–this had happened to me before with other services, since I have a nice @gmail.com email address–but then I bought an iPhone so I naturally wanted to use my email address for the account.

    So I request a password reset. I log in, I see the person’s name, their physical mailing address is all filled in, and I can even see the last four digits of their credit card number. I change the password and change everything else as well, but conceivably I could have actually used their cc info fraudulently.

    Does Apple not verify email addresses? That just seems stupid for this type of account.

    Also, when I signed up for an Apple developer account, it used the previous name of the store account and I had to pester Apple a few times to change it.

  10. blowdev
    January 12, 2012

    Apple developers can register test accounts with pretty much any email address with only a name and no other info. What you are seeing might be the result of test account registrations and not regular registrations. Wether this is being used for other nefarious purposes is anyones guess.

    • Andrey Tarantsov
      January 13, 2012

      Exactly. When I was creating test accounts, the welcome emails were arriving, but the accounts were live without any kind of confirmation. Someone has willingly entered your email into iTunes Connect Test Accounts page.

  11. MacGeek
    January 13, 2012

    Same thing happened to me. Regarding banning or deleting the fake account, you can’t outright delete it, but you can neutralize it. Here’s how I did it.

    1) reset the password for the fraudulent Apple ID;
    2) once you get in, change the email address to a random mailinator.com (or equivalent service) address.
    3) access the mailinator.com or equivalent email, and verify it.
    4) log into your real Apple ID, and verify your email there.

    Steps 2 and 3 are needed because when I tried to verify my email with my real Apple ID I got an error saying that it was already verified with a different account.

    Hope this helps.

    • Antonio Cangiano
      January 13, 2012

      Clever trick. I may have to use it. Thank you.

    • Lazza
      January 13, 2012

      I tried to ask for a new password, and it said my record is inactive. Sounds good. :)

      • Antonio Cangiano
        January 13, 2012

        Same here. It looks like my post got Apple’s attention. I doubt we’ll hear the details of the story, but this is probably good enough at a personal level.

  12. Fabio
    January 13, 2012

    Same problem for me. The “gangster” used an old e-mail account belonging to the department of the university where I work. It may be interesting to note that such old account is no longer active (no way to log in with it), since our university provided us with new e-mail accounts and set the old ones as simple aliases.
    I wrote an e-mail to the Italian Apple support by picking up the only public e-mail address, since to access other kinds of support I should have provided an hardware ID I do not own… The automatic reply reported they will take 2 days and that they will not answer me if the order number was missing… wow!
    Any official news from Apple?

    • Antonio Cangiano
      January 13, 2012

      Fabio, your comment proves that “John” never had access to the email inbox. It looks like Apple is now disabling such accounts (most likely because of the attention this post brought to the issue).

      • Fabio
        January 13, 2012

        Thank you, Antonio, for having started to investigate about this issue. Hope to hear an official report from Apple about what happened.

    • Fabio
      January 14, 2012

      Update: Italian Apple support replyed my e-mail. They told me to fill a form concerning iTunes support… Unfortunatly, the support page asks me what version of iTunes I use and other questions concerning iTunes… 😐

      • Adriano Esposito
        January 14, 2012

        Hi Fabio, can you post the URL of the form?

        I will fill I have iTunes Dillinger version…

      • Fabio
        January 16, 2012

        Cool! It looks like a limited special edition! 😉

        Did you intentionally download it or you received it against your will? 😛

        I paste here the instructions received by e-mail (in Italian):

        Per ricevere supporto con iTunes, la invitiamo a copiare il seguente link: http://www.apple.com/it/support/itunes/contact/ e per iTunes Store Le consigliamo di selezionare “Ottieni il supporto di iTunes Store tramite e-mail”; nella pagina successiva troverà’ supporto diretto online, tramite maschere da compilare. I colleghi le risponderanno via email entro 48 ore dal completamento della richiesta.

        Hope you receive an interesting reply.
        In the case, please share it with us!

        Bests,
        Fabio.

      • Adriano Esposito
        January 16, 2012

        > Cool! It looks like a limited special edition!

        LOL! Very cool. But I dont want a special neither an ordinary edition… Do you? 😛

      • Adriano Esposito
        January 16, 2012

        PS Thank you very much 😀

  13. Adriano Esposito
    January 13, 2012

    I want to delete this fu** Apple ID the spammer created for me!!!

  14. Adriano Esposito
    January 16, 2012

    I got this response from Apple:

    Dear Adriano,

    Welcome to iTunes Store Customer Support. My name is Natarajan.

    I understand that you would like to cancel your iTunes Store account. I am glad to help you today.

    Adriano, please note that if your account is canceled you will no longer be able to redownload or upgrade Apps that you have purchased or authorize new computers to play content you have previously purchased. Although account cancellation is something I can help you with, I would like to offer some alternative resolutions for your issue. There are a couple of options that will allow you to retain full access to the items you purchased that have digital-rights management (DRM) while preventing your account from being used to make additional purchases.

    1) You can remove your billing information from your account at any time so that it can’t be used to make purchases. By doing this, you retain the ability to authorize computers to play the items with DRM that you have purchased with the account and you will still have the account open in case you decide to use it later. Using this option also allows you to update and re-download applications that you have already purchased with your iTunes Store account. The instructions in this article can help you with removing the billing information while keeping the account open:

    iTunes Store: Changing Account Information
    http://support.apple.com/kb/HT1918

    2) The iTunes Store can disable your account, which will prevent it from being used to make purchases. You will still be able to play the items you purchased with the account but you will not be able to re-download or update Apps that you have purchased.

    It is also possible to cancel the account, but you may lose the ability to play the items with DRM that you already purchased from the iTunes Store. For example, if your computer is repaired, you may not be able to reauthorize the computer to play your DRM purchases after the repair. Also, you wouldn’t be able to authorize computers that were not already authorized before you canceled the account. If you purchased content on an iOS device and want to sync the content to a computer, but you have not yet authorized the computer for the account, you will not be able to sync the content to the unauthorized computer.

    Additionally, you will be unable to re-download or update Apps that you have previously purchased. If you create a new account in the future you will not be able to play any of the DRM items purchased with the canceled account and you will not be able to re-download or update Apps without having to purchase the Apps again. You can’t reactivate the canceled account.

    In addition, if your account name is also your Apple ID, then canceling the account will change the registration information for any product that you’ve registered with that Apple ID. This can make it difficult to sign in to other Apple websites that ask for an Apple ID and password.

    You should not cancel the account if you want to be sure you can continue to use your iTunes Store purchases that have DRM as well as update and re-download already purchased applications. I recommend either removing your billing information or disabling the account as described above.

    Note that if you have purchased any iTunes Plus content from the iTunes Store, or if you have upgraded any of your DRM purchases to iTunes Plus, canceling your iTunes Store account will not affect your ability to play the iTunes Plus items on existing, new, or repaired computers.

    If you would like the iTunes Store to disable or cancel the account “adriano.esposito@poste.it”, please reply to this email specifying if you would like it disabled or canceled and include the following information. This is necessary for security purposes.

    – The billing address listed on the account

    …as well as one of the following:

    – the last four digits of the credit card used for your iTunes Store account
    – or the order number of your most recent purchase
    – or the name of any item you’ve purchased using this account

    Upon receiving your response, Apple will verify your information, disable (or cancel) your account, and send you an email confirmation.

    Adriano, if you have any further questions, feel free to contact us and we will be happy to assist you.

    Have a nice day!

    Sincerely,

    Natarajan
    iTunes Store/Mac App Store Customer Support

    Please Note: I work Sunday to Wednesday and Saturday, 6:30AM to 3:30PM CST.

    Thank you for allowing me the opportunity to assist you.

    • Lazza
      January 16, 2012

      This is the beauty of DRM… 😀

  15. Adriano Esposito
    January 16, 2012

    Anyway now my fraudulent Apple IDs are inactive: “This person record is inactive”.

    This BEFORE I reply to the message from Apple…

    • Not John Dillinger
      January 19, 2012

      So it does seem that Apple is deactivating these accounts but now I can’t create an account with that email address which is my primary.

      • AntX
        February 1, 2012

        What can I do then? Same problem here… The fact I can’t use my personal email is disgusting

Leave a Reply

 

 

 

Back to top
mobile desktop