Filed under: Analysis / Opinion, iTS, Odds and ends, iTunes, Apple, App Store
iTunes gift cards cracked
This seems like bad news for Apple, to say the least. A few Chinese websites are now selling $200 gift certficates to iTunes for less than a few bucks, which means that it's likely hackers have figured out the algorithm to determine gift codes on Apple's music store. As with most online codes, iTunes gift certificate numbers are generated by a formula somewhere -- figure out the formula, and you can generate your own codes (though it's of course tough to do and highly illegal).The good news is that this might be an easy fix for Apple: they'll just have to re-figure the formula. The tougher thing to do will be to determine which of the old codes to honor -- they'll want to make sure to approve all of the cards on the shelves at Best Buy right now, while still trying to catch all of the illegal codes generated by hackers.
But then again, we're talking about a digital store that's already making cash hand over fist. Maybe even if one hacker on a shady website has figured out how to generate iTunes codes, Apple isn't too concerned about losing a few thousand dollars when they're still selling millions of dollars worth of music and content legitimately.
![TUAW [Cafepress]](http://www.blogsmithmedia.com/www.tuaw.com/media/tuaw-cafepress-promo.png)
Reader Comments (Page 1 of 1)
dermot said 4:21PM on 3-11-2009
This sounds a bit dubious to me - surely Apple have a database of all valid codes and if you try to use a code that doesn't exist in that database or that has already been used then you fail, right?
Reply
Mike said 10:22AM on 3-12-2009
You are correct. TUAW and several other sites reporting this as a crack of Apples 'algorithm' is just nonsense. I don't have experience with iTunes gift cards, but most gift cards require an authorization by the store it was sold from to activate it. If not, anybody could steal a gift card and it would be valid. It's not like Best Buy gives you a special pin to use with your gift card.
Relying on an algorithm alone is like saying any mod 10 valid credit card number would be capable of making purchases, even if that number hadn't been used.
Either some vendor's authorization capabilities have been stolen, or these are valid card gotten illegally.
Martin said 4:33PM on 3-11-2009
Their sales just went through the roof.
Reply
waffffffle said 4:38PM on 3-11-2009
I agree that this doesn't seem real. I'm pretty confident that these are gift cards purchased with stolen credit cards, not fraudulently generated codes. When you purchase an iTunes gift card in a retail store it does not become valid until it is purchased (so if you steal all of them on the rack they are useless, which is why they don't lock them up). There's no reason Apple would accept a code that hasn't been activated yet.
Reply
Tony said 8:24PM on 3-11-2009
In all the stores I've seen the 'gift cards' are just placeholders that get put back on the shelf after buying. The code is printed on your receipt, generated at the point of sale.
Scott said 4:41PM on 3-11-2009
Yeah... so if you want to knowingly buy an illegal card and enter it into your iTunes which is tied to your address, phone number and email account... have fun with that. I'm sure nobody will get caught.
Reply
Tim said 4:42PM on 3-11-2009
The stolen credit card information is the only one that makes sense. Interestingly, I wonder if they get their stolen credit card information from other people buying cheap gift cards.
Reply
rohan pandula said 6:29PM on 3-11-2009
i just got one form the site
it was a bitch to find someone who knew English
i paid 38$ for a 150$ card.
ebay here i come!
Reply
derekknighttx said 7:26PM on 3-11-2009
Do you consider yourself a thief yet? I do. Your statement implies an intent to defraud.
Dorv said 9:33PM on 3-11-2009
No, but now that you've informed him, I'm sure he'll turn himself in.
(I kid, I kid)
Rich said 8:04PM on 3-11-2009
Stolen credit cards seems much more likley than a "crack"
Think abou it. There are thousands of these cards sitting on the shelves, all of which are no good until they are "authorized" via the POS system in the store (swipe the card, send message to apple or an auth server (I assume) card is activated.
These have been around for months. Check ebay's forums and the forums at toucharcade.
http://forums.toucharcade.com/showthread.php?t=420
Apple will figure this out and when they do (at least according to users who posted on TA,) they disable your iTunes account for using fraudulent credit cards.
Think about it people, you are giving personal info and/or CC info to a website that's using stolen CC's. Seems like a perpetual money machine for them. At least in theory.
Check your CC statements and credit report carefuly.
Then again, maybe Apple isn't going to do anything about this (other than disable yoru iTunes account and they are going to let "natural selection" take it's course with those who would do business with thieves.
I'm reasonably sure even Paypal is going to give you a ration if you tell them "it seemed like a legitimate transaction" ...really, couple of bucks for $200 worth of iTunes... ahem. Not.
I might even venture that if they can trace the original transaction for your "deal" on the iTunes card they could turn you over to authroities for fraud.
Bad company corrupts good character folks, stay away.
Rich
Reply
Rich said 8:33PM on 3-11-2009
Almost forgot, did anyone at TUAW think to check with Apple on this first before becoming a world class source of advertising for these thieves?
Rich
Reply
Rob said 2:00PM on 3-13-2009
Has anyone actually considered that this might be a scam. Has anyone bought and used on of these codes. The only realistic option seems to me to be than you spend money with a dubious Chinese website that provides you with a code that claims to be real. If this was on eBay you wouldn't think twice that this was a fake. Stolen credit card is all well and good but it's just a whole load easier to make it up and reap in the cash from lots of people.
Reply
djerome said 6:21AM on 3-12-2009
There used to be a site in the UK (itunesvouchers.co.uk) that sold them at 75% discount. I have spent what was at the time nearly $600 there. All the vouchers worked ok. Given that it was a UK company that also had an ebay shop I doubt the vouchers were credit card based.
Also 2 years down the line I still have credit in my account. So any ideas how that would work?
Reply
yakov hadash said 5:03PM on 3-13-2009
if you want to illegitimately save money on music bittorrent would be a better bet… at least you're not sending your cc # to cc # thieves!
Reply
Fuelogy said 2:17PM on 3-12-2009
The itunes cards, ultimately, are based on software generation. There is no such thing as "bullet proof software" - Their codes are just the same as microsofts, adobes, id's, valves, and anyone elses. Technically, even producing a code at all that anyone can see gives up the formula;
With enough codes, anyone who's more than halfway decent with math and logic can crack "the code" through establishing simple, stackable rulesets.
It also helps that apple could probably give less than a shit about what actually happens, so long as they're making profit.
Reply
Torley said 2:54PM on 3-14-2009
If it's a case of stolen credit cards rather than cracked, it's likely been happening for many months, as I noted here: http://www.wisebread.com/inside-the-shady-world-of-cheap-itunes-gift-cards
Reply
raybud420 said 3:51PM on 4-17-2009
well hit the jackpot
Reply