Compromised Apple Gift Card Leads to Apple Account Lockout (tidbits.com) 62
An Apple developer was locked out of his Apple Account after redeeming a compromised Apple Gift Card, exposing how automated fraud systems can effectively cut users off from their digital lives with little explanation or recourse. TidBITS reports: After attempting to redeem a $500 Apple Gift Card purchased from a well-known retailer, Apple developer, author, and /dev/world conference organizer Paris Buttfield-Addison found himself locked out of his Apple Account. He writes: "I am writing this as a desperate measure. After nearly 30 years as a loyal customer, authoring technical books on Apple's own programming languages (Objective-C and Swift), and spending tens upon tens upon tens of thousands of dollars on devices, apps, conferences, and services, I have been locked out of my personal and professional digital life with no explanation and no recourse."
As far as I can tell from his extensively documented story, Buttfield-Addison did nothing wrong. Personally, I wouldn't have purchased an Apple Gift Card to pay for Apple services -- he planned to use it to pay for his 6 TB iCloud+ storage plan. I presume he bought it at a discount, making the hassle worthwhile compared to simply paying with a credit card. But I have received Apple Gift Cards as thank-yous or gifts several times, so I can easily imagine accidentally trying to redeem a compromised card number and ending up in this situation. [...] For now, we can hope that ongoing media attention pushes Apple to unlock Buttfield-Addison's account. More troublingly, if this can happen to such a high-profile Apple user, I have to assume it also afflicts everyday users who lack the media reach to garner coverage.
As far as I can tell from his extensively documented story, Buttfield-Addison did nothing wrong. Personally, I wouldn't have purchased an Apple Gift Card to pay for Apple services -- he planned to use it to pay for his 6 TB iCloud+ storage plan. I presume he bought it at a discount, making the hassle worthwhile compared to simply paying with a credit card. But I have received Apple Gift Cards as thank-yous or gifts several times, so I can easily imagine accidentally trying to redeem a compromised card number and ending up in this situation. [...] For now, we can hope that ongoing media attention pushes Apple to unlock Buttfield-Addison's account. More troublingly, if this can happen to such a high-profile Apple user, I have to assume it also afflicts everyday users who lack the media reach to garner coverage.
Doesn't matter what Apple does (Score:5, Insightful)
They can make an exception for him because he is such a big player. They can make an exception for him because he went viral.
The thousands of others this happens to on a regular basis are still locked out, and no one is coming to save them.
Re: Doesn't matter what Apple does (Score:2)
I dunno, Apple thinks they have enough clout to blatantly lie to a federal judge and ignore an injunction without consequence. What chance do you think this guy has?
Re: (Score:2)
I think the point of the OP wasn't to assess if this guy has a chance, but stating that this guy can try his luck but whatever the outcome, the chances for regular folks are infinitely less.
Re: (Score:2)
It's an area of law the could do with seeing clarification. If stuff like this happens you should be due a refund on your bricked hardware, lost app purchases, lost media etc. It's particularly bad with consoles and Steam, where you can lose many years, even decades of purchases due to an error on their end.
Same when the mandatory TOS changes and you can't agree to the new terms.
Re: Doesn't matter what Apple does (Score:2)
Re: Doesn't matter what Apple does (Score:2)
Re: (Score:2)
Re: (Score:2)
Doesn't work in the UK. People got refunds when they killed PS3 Linux, for example.
Serves him right (Score:2)
Put you finances, your work, and all of your IP under the control of a faceless mega-corporation. Without backups?
What a moronic fanboi would do...
Don't Buy Apple Gift Cards (Score:5, Insightful)
Re:Don't Buy Apple Gift Cards (Score:5, Insightful)
The lesson is don't ever use an ecosystem where all your software, music, and book purchases, your hardware itself, and even your access to your professional life, tools, and means of communication can all be erased instantly with zero recourse.
The lesson here is not "avoid Apple gift cards"
Its "avoid Apple"
Pick your poison (Score:5, Informative)
The problem with this is that google is often the alternative and can be just as bad.
There's a documented case out there where during COVID, when doctor's offices were mostly shut down, where the parents ended up taking a picture of the baby's rash (yes, in that area), and emailing it to the doctor's office.
Somehow Google's automated child porn detection systems flagged this, it was reported to the police who opened an investigation, then closed the file when it was realized that: 1. It was sent to a pediatrician office, 2. Yes, baby had a rash, 3. It was COVID, so office working remotely. This worked long enough for the family to get the appropriate cream for the baby, but google also closed down the man's accounts and marked him as a nasty banned pedophile.
I never did hear if he got that resolved.
Re: Pick your poison (Score:2)
The problem with this is that google is often the alternative and can be just as bad.
I mostly use proton. Even if they kill off my account, I still have offline backups. I also own my email domain, so I won't lose my email address either, unless my registrar decides to do something they're not legally allowed to do.
Do you pay? Yeah. You pay with Google and Apple too, whether you realize it or not. But unlike them, proton gives you an honest price, and you, not them, hold all of the keys. Literally.
Re: (Score:2)
The problem with this is that google is often the alternative and can be just as bad.
There's a documented case out there where during COVID, when doctor's offices were mostly shut down, where the parents ended up taking a picture of the baby's rash (yes, in that area), and emailing it to the doctor's office.
Somehow Google's automated child porn detection systems flagged this, it was reported to the police who opened an investigation, then closed the file when it was realized that: 1. It was sent to a pediatrician office, 2. Yes, baby had a rash, 3. It was COVID, so office working remotely. This worked long enough for the family to get the appropriate cream for the baby, but google also closed down the man's accounts and marked him as a nasty banned pedophile.
I never did hear if he got that resolved.
Didn't Apple try something similar with their cloud photos? IIRC they were going to scan all of them for CP but the outcry from parents made them walk back the decision.
Re: (Score:2)
Yes, however the new push goes far further than that. Your OS will block any adult related on-screen content unless you verify you're an adult. You also won't be able to take any adult looking photos or videos. That's what lawmakers are currently working towards in the UK: https://winbuzzer.com/2025/12/... [winbuzzer.com] I guess in the future criminals, politicians, and celebrities will wear naked-looking body suits in an attempt block cameras from recording them... actually the rich and their buddies will just have e
Re: (Score:2)
Google is not the alternative. Unfortunately the alternative, selecting systems where your data isn't in the hands of third parties, is intentionally being made hard, and people don't want to do it.
Re: (Score:1)
Re:Don't Buy Apple Gift Cards (Score:4, Insightful)
The lesson is to make backups. I am personally very surprised that such a technically competent person would be "locked out of his professional and personal life without recourse" meaning he never though backing up his contents, even to a simple USB drive.
Also I would argue the lesson "Avoid Apple" doesn't apply to him, he had to choose a field where his competences made him a livelihood. It's like developers who publish apps on Apple App Store because they sell well, not because they love Apple.
Re: (Score:2)
It would be nice if more of our infrastructure had backup mechanisms built-in. Geeks have been whining about the importance of backups for close to 50 years, but nobody can be bothered to make it easy and seamless.
Seriously, it never ceases to disappoint me that even Linux distros don't automate a simple backup system on install, and instead make people install and learn how to use backup software on their own. It seems like nobody really cares.
Re: (Score:2)
Re: (Score:2)
I am personally very surprised that such a technically competent person would be "locked out of his professional and personal life without recourse"
He's not technically competent. He's a writer.
Re: (Score:1)
It's not an issue of backups. If you're locked out of your developer account you no longer get paid for your apps, nor can you update your apps or re-release them under a new Apple ID because that's a TOS violation. If you're not a developer, being locked out of your Apple ID means you have to redo all your sign-ins that use it as a bridge, your photos and emails stop syncing, iMessages that go to your Apple ID rather than your phone number stop working, notes/reminders may not work at all anymore, etc.
Re: (Score:2)
Re: (Score:2)
It's not just Apple too.
Re: (Score:2)
The real lesson is believing you own what you buy online. You don't. Anything digital can be revoked instantly, without explanation, and often without meaningful recourse or support.
Re: (Score:2)
The lesson is neither. You can't avoid something that is seen as popular and has value. I loath Apple, and yet I have an iPod. Why? It was a gift. I also have an iPhone, that was forced on me by work. The wife loaths Apple and yet has an iPad, why? She won it in a contest. I have received an Apple gift card as a prize before as well, though at the time I managed to talk the people into taking it back and giving it out as an Amazon gift card instead. But the problem there is the same.
The real answer is we sh
Re: (Score:1)
Indeed. Avoid Apple, Amazon, Google, Microsoft and a number of others. Regard them as malicious and uncaring if you cannot avoid them and prepare accordingly.
Re: (Score:2)
And don't be a victim. Unlike the person that moderated this down.
Re: (Score:3)
Companies should take this more seriously as there's nothing stopping a bad actor from intentionally inflicting these sort of problems to damage the company's reputation. If someone could make enough money shorting stocks to take advantage of bad publicity around the problem there's sufficient incentive to en
Re: (Score:2)
This is every company that uses any kind of automated system for this sort of problem. Pray you never set off any of Google's automated systems because the odds of getting that fixed are just as bad.
Companies should take this more seriously as there's nothing stopping a bad actor from intentionally inflicting these sort of problems to damage the company's reputation. If someone could make enough money shorting stocks to take advantage of bad publicity around the problem there's sufficient incentive to engage in it.
Agreed. If I were dictator of the world, I would mandate that any online business with more than some number of users would be required to have physical office. So if a user's account got cancelled, as a last resort that user could physically go to the office with their physical ID and get it fixed.
Yes, this would mean that some online businesses were no longer profitable. I still think it's worth it. Especially compared to the systems we have at present where the user uploads selfies and pictures of their
Re: (Score:1)
So you would be prepared to fly to Tasmania and take the donkey caravan to the remote village where their office is located to deal with this matter?
No?
What about if the shoe is on the other foot... what should the chap who lives in that remote village do if he needs assistance from a physical office in New York City?
Re: (Score:2)
So you would be prepared to fly to Tasmania and take the donkey caravan to the remote village where their office is located to deal with this matter?
No?
What about if the shoe is on the other foot... what should the chap who lives in that remote village do if he needs assistance from a physical office in New York City?
At least it would be an option.
Re: (Score:2)
So you would be prepared to fly to Tasmania and take the donkey caravan to the remote village where their office is located to deal with this matter?
That's better than the current situation.
Re: (Score:2)
I will never buy Apple Gift cards.
You missed the point of TFA. It's a gift card. It may be given to you. What do you do then? Turn it down? Talk is quite cheap, I suspect your view will be different when you have that thing with a $100 value in your hand. You will justify redeeming it anyway by reflecting on the fact that literally 10s to 100s of millions of the cards are redeemed yearly, and think "yeah but the risk is low right?"
Live by the closed-source walled garden... (Score:2)
Something doesn’t add up. (Score:4, Interesting)
Re: (Score:3)
Re: (Score:2)
I feel we are not getting the full story here.
I'm no financial adviser, yet it seems like a rectifiable conundrum for a fellow earning that far above the poverty line.
"I'm not sure what happened, but here's $500 to cover the damages until we figure out what happened."
Maybe righteousness got in the way?
Re: (Score:2)
There are lots of gift card scams and they're probably not naming the retailer because it can happen to any retailer. One of the scams is stealing the cards, recording their numbers, then repackaging them to look like new (you can buy scratch off security stickers) and smuggling them back into the store. The scammer has software automatically checking those numbers to see when the card is activated and as soon as they notice they use the funds.
Re: (Score:2)
Re: (Score:3)
Apple Gift Card fraud is a well known issue. Even the official response from Apple implied the entire supply chain was compromised.
There are no surprises here, this is not an uncommon occurrence, and this instance of it is well documented.
There is nothing here that "doesn't add up" other than your personal discomfort at anyone questioning the sacred Apple. Apple is Mother. Apple is father.
Re: (Score:2)
It seems like there needs to be a lawsuit initiated against Apple and the retailer for the full value of that account.
Re: (Score:2)
I like generally like Apple products. I also have no loyalty to any particular brand beyond a learne
If my name was Buttfield (Score:2)
Bought a card with the code already scratched off? (Score:2)
When you buy a gift card, a diligent purchaser will ensure that the scratch-off part isn't already scratched off.
No mention of any of this is suspicious.
Re: (Score:2)
When you buy a gift card, a diligent purchaser will ensure that the scratch-off part isn't already scratched off.
No mention of any of this is suspicious.
Really, dude... You can buy 1k scratch labels for 10$ on Aliexpress. Just search for something like "scratch off label film".
Australian Consumer Law may help or get him an ful (Score:2)
Australian Consumer Law may help or get him an full refund
Re: (Score:1)
Amazon does the same thing (Score:2)
Even if you buy the gift cards from Amazon, they will quite often lock your account if you use them on electronics, or anything really popular. It is an incredibly dumb system.
How does it feel? (Score:1)
To be Apple's bitch?
This happens to everyone on every ecosphere (Score:1)
Don't rely on such accounts (Score:2)
Same for Microsoft or Google. If you need to depend on their accounts, chances are you will get shafted at some time. Hence do not let that need arise. Yes, that is difficult. But they can throw you out for basically any reason and you can do nothing.
In a similar fashion, lots of YouTube-dependent creators have gotten stabbed by Meta recently. The whole thing is broken and there needs to be legal recourse and penalties for platforms that get this large.
Why lock account? (Score:3)
"At scale" (Score:1)
Customer support is a cost to be minimized because dealing with individuals does not scale. Losing a small percentage of users because they fell through the cracks is an acceptable loss.
These companies watch the forest and forget it's made up of individual trees. Only when entire sections of the forest topple do they notice. You have to be an extraordinarily tall tree, like Paris it seem
Access Restored (Score:2)
Five days without access to your accounts is a LONG time, and should not have happened. But, as an Apple ID holder, I do want my account protected and don't want other people to access it for any reason (especially because that might open access to other accounts, such as my bank). Hopefully Apple (and other tech companies) learn from these sorts of issues
Why doesn't he just call customer service? (Score:2)
Easy...oh, wait...