Compromised Apple Gift Card Leads to Apple Account Lockout

Originally published at: Compromised Apple Gift Card Leads to Apple Account Lockout - TidBITS

[This story has been resolved; see “Compromised Apple Gift Card Saga Ends Well, but Risks Remain,” (18 December 2025).]

After attempting to redeem a $500 Apple Gift Card purchased from a well-known retailer, Apple developer, author, and /dev/world conference organizer Paris Buttfield-Addison found himself locked out of his Apple Account. He writes:

I am writing this as a desperate measure. After nearly 30 years as a loyal customer, authoring technical books on Apple’s own programming languages (Objective-C and Swift), and spending tens upon tens upon tens of thousands of dollars on devices, apps, conferences, and services, I have been locked out of my personal and professional digital life with no explanation and no recourse.

Buttfield-Addison’s Kafkaesque situation has been covered by numerous sites, including Daring Fireball, AppleInsider, Michael Tsai, Pixel Envy, and The Register, so I had expected that escalation from his friends within Apple and the negative press attention would be sufficient to cause Apple’s Executive Relations team (which handles serious issues sent to tcook@apple.com) to resolve it quickly. Although someone from Executive Relations contacted him on 14 December 2025 and said they would call back the next day, it has now been three days with no further contact.

As far as I can tell from his extensively documented story, Buttfield-Addison did nothing wrong. Personally, I wouldn’t have purchased an Apple Gift Card to pay for Apple services—he planned to use it to pay for his 6 TB iCloud+ storage plan. I presume he bought it at a discount, making the hassle worthwhile compared to simply paying with a credit card. But I have received Apple Gift Cards as thank-yous or gifts several times, so I can easily imagine accidentally trying to redeem a compromised card number and ending up in this situation.

For now, we can hope that ongoing media attention pushes Apple to unlock Buttfield-Addison’s account. More troublingly, if this can happen to such a high-profile Apple user, I have to assume it also afflicts everyday users who lack the media reach to garner coverage. Apple acknowledges that Apple Gift Cards are used in scams and advises users to contact Apple Support, as Buttfield-Addison did, without success.

I’d like to see Apple appoint an independent ombudsperson to advocate for customers. That’s a fantasy, of course, because it would require Apple to admit that its systems, engineers, and support techs sometimes produce grave injustices. But Apple is no worse in this regard than Google, Meta, Amazon, and numerous other tech companies—they all rely on automated fraud-detection systems that can mistakenly lock innocent users out of critical accounts, with little recourse.

There is one way the Apple community could exert some leverage over Apple. Since innocently redeeming a compromised Apple Gift Card can have serious negative consequences, we should all avoid buying Apple Gift Cards and spread the word as widely as possible that they could essentially be malware. Sure, most Apple Gift Cards are probably safe, but do you really want to be the person who gives a close friend or beloved grandchild a compromised card that locks their Apple Account? And if someone gives you one, would you risk redeeming it? It’s digital Russian roulette.

This is part of a giant problem, which is that consumers often don’t own / control their digital devices, software, and lives, and that it’s very hard not to be in that situation. From syncing services, to online storage, to software that isn’t owned by the purchaser, to all sorts of things, we’re terribly dependent on companies for basic everyday stuff.

We used to pay with Apple gift cards for all of your Apple Music, Apps & Services. After about hearing about an account lockout a few years back, that all ended. To think that there is no recourse to recover an Apple account… I now rarely buy from the Apple App Store or iTunes over this issue.

I think you drew the indictment a bit too broadly. There are 2 types of physical gift cards:

1. Those with a set value associated with the card
2. Custom ones, where the purchaser pays the vendor, who then assigns a value to the card.

I think that only the cards with a set value are subject to this fraud. I assume that a vendor will be unable to assign a value to a compromised card. So, that card should be safe to use (assuming the vendor is trustworthy).

I think this is a quite typical problem, and it affects by far not just Apple. A large megacorp has some automated process and a customer ends up being locked out of a service or at least severely affected. This customer then has no proper way to get in touch with a person with agency so they can listen to their situation and then also step in to expediently fix whatever the “AI” broke.

These megacorps tend to point to the huge number of cases they have and how we cannot expect them to be able to manually deal with and resolve all these cases. To that all I can say is: why not? Nobody forced Apple to take on a billion iCloud+ users. Nobody forced Google to provide cloud services to a trillion people.

I’d argue these companies have taken over custodianship of such a tremendously important part of everyday folks’ lives, that they can and shall be held responsible. If you cannot manage your AI or your customer support to the point where it either doesn’t mess up somebody’s life (your customer’s life, actually) or to the point where you cannot fix when your customer’s life has already been messed up, well, then you have quite obviously failed to properly scale your business and your “automation”. And if the excuse is that it’s somehow absolutely impossible to get the automation right (or at least swiftly fix things when the automation makes a mistake), well then you have just essentially admitted you cannot reasonably engage in this business and sell such services. I’m sure any megacorp with a billion+ user accounts wouldn’t want to go down the route of such an argument.

I’d further wager that because these large corps get away with such a cheap excuse, they also lack the proper incentive to improve their “automated” systems to the point where people aren’t locked out of their digital life or at least locked out without a reliable and quick way to get let back in when something goes wrong. Mistakes always happen and they can happen to anyone. It’s how you resolve it that counts.

When my bank blocks my debit card because they have detected what they think is fraudulent behavior, they reach out to me. I can talk to an actual person. I can authenticate and then ensure that what they see is indeed legit and intended. And they can then promptly return my card to working order. I do not see why Apple or Google or another one of these quasi-monopolistic world dominating megacorps should be held to any lower standard. They have much more market dominance and they’re certainly much wealthier than my little regional bank. If they choose to be world leaders in their service category, they should be expected IMHO to offer world-leading attention to customer service.

Apple Insider has a source that suggests there may be more to the story than what he told.

Also, if you are, buy the gift card from Apple, not a third party, even if it is a “superstore”.

I’ve purchased Apple e-gift cards (always from major retailers like Target, Best Buy and Amazon, and never physical cards) for years when they are discounted 10-15%. I use them for Apple hardware purchases, apps and an Apple One subscription.

But about two years ago, for some reason, when I attempted to purchase an app in the App Store (using previously acquired apple e-gift card credit), I got a pop-up message telling me that my account has been disabled in the App Store and iTunes. Subsequently, my account was completely locked and closed permanently, according to Apple.

The Apple rep I spoke to said there’s no way they can possibly reinstate my account. They also wouldn’t tell me how exactly I violated the terms and conditions.

A couple of days later, I got a call back from the Apple representative who told me my account was permanently closed. They said they would look into it further with someone higher up and get back to me with the results.

I’ve had my account open since 2004(!) when it was just the iTunes Store, and have made who knows how many purchases since then. But I’ve used a separate Apple ID for iCloud, so I would not lose things like photos associated with that account.

Thankfully, when I decided to try accessing my locked account a couple of days later it was working again! I guess the Apple rep forwarded the issue to someone who could actually do something. This was an immense relief.

I wasn’t aware of this distinction, but more to the point, how could anyone who receives a card as a gift be aware of any of this? In this particular case, he bought the card for his own use, but I have to assume that’s less common than people giving them to others. They are gift cards.

At this point, I can’t see using one for anything associated with my Apple Account. Hardware at an Apple Store would seem safe.

I’ll be curious if additional details surface from Apple but I’d be surprised if they’d reveal anything. Regardless of whether there are additional things going on with his account, this is still pretty unacceptable.

I need to confirm this the next time I visit my grocer, but I believe that the ones with a specific value have that value printed on the carrier that the card comes in, while the custom ones, obviously, do not.

61mTxLJMIqL.SL1500938×1500 57.8 KB

Thinking about it, both should be OK when bought from a reliable store, as the cashier must activate the card when you pay for it. If you buy a physical card over the Internet and can’t observe the activation, you may be in trouble.

I really doubt that Apple will comment about this specific case officially. But: the people you linked reporting on this are relying on one side of a story, which may not be completely accurate. Since Apple will not comment, there is not much else that they can do but trust one source, so it’s too bad that Apple will not comment.

Also: Apple should provide a take-out service (there should be regulations that require it) for anyone whose ever had an account, even if it has been closed, to allow users to take their data with them (email, photos, app data, etc.) , for at least a reasonable period of time (90 days?) There is an Apple take-out service, but I assume that your account must be in good standing.

Here is my story of how I came to avoid Apple gift cards.

I bought an Apple gift card for my own use a few years ago. (I got it for less than face value.) I had no problem with fraud, but it was still a major pain to redeem it. If I recall correctly, it could not be combined with a credit card purchase. This was for hardware purchased at Apple’s web site, if it matters.

After I called Apple, the helpful representative walked me through a process of moving the value from the gift card to some Apple account in my name. Then I was able to use that value as partial payment with the balance being charged to a credit card.

Even with no fraud and no lockout, my reaction was and continues to be that the small gain by getting the gift card at a discount did not come close to balancing the aggravation of trying to use it.

Maybe things have changed, but I will not be finding out.

Agree 100%. I am not asking for, redeeming, or gifting Apple credit cards until they do something about this. They can’t act like this is just some minor inconvenience anymore. It is absolutely required to use an Apple ID to use an iPhone in any but the most basic capacity, and you must know exactly what you’re doing and decline many very forceful prompts even to do that.

I don’t understand why governments go after them for so much, but not this. Well I do understand, they don’t understand the fundamental importance of identity.

If you subscribe to Apple Services, redemption is quite easy. When I have gotten an Apple Gift Card, usually because it is available at my local grocery store as a discounted item, I immediately add the gift card to my Apple Account balance. I then use that balance to pay my monthly Apple One charge or to buy App Store or iTunes Store items. There is no need for me to specifically designate the Apple Account as the source, as it is automatically the source until it is exhausted. At that point, the payment source defaults to my first-priority credit card. So, one transaction shows a split payment, but no action, other than adding the card value to my Apple Account is rquired.

As far as I know, I don’t. I have no monthly charges from Apple, and to the best of my knowledge, I have never purchased an item from App Store nor iTunes Store.

Perhaps the Apple phone rep created an account at Apple Services for me and that’s how I was able to redeem the gift card.

He says that an Apple executive rep informed him that his account deletion has been rescinded and he is regaining access to his account, so, I guess happy ending - for him. I guess it’s helpful to have social media reach to get famous bloggers in the Apple world to re-tell your story. The rest of us, not so much.

Apparently, indications are that it was the Apple gift card that caused the issue.

Maybe we have enough anecdotes to say that this is a bad idea? If you are going to buy Apple gift cards, buy them from Apple and only Apple. Don’t trust a third-party reseller to keep them secure.

I don’t understand what happened. I mean, I’m aware that gift cards can be compromised by people who either cash them out before you buy the card, or wait for you to active the card and then immediately siphon off the value.

But even if that happened, why would Apple think that buyer has done something wrong? They’re the victim.

Many comments point out why Apple is not easy to deal with in such cases and this is probably true.
But what I totally don’t get is why a business chooses to pay one of their main supplier with a gift card? Looks to me like a very bizarre choice. Is this man maybe not quite so business savvy as he claims to be? I really don’t get it.

In general, I agree with you. If I were trying to explain Apple’s behavior, I would guess that Apple sees the tainted cards essentially as forgeries and assumes that the people responsible would be the most likely to attempt to redeem them.

It does feel like an odd choice to me, too. My assumption at the moment is that he bought the $500 gift card at a discount during a retailer promotion and figured it was an easy way to save money. If you had no reason to fear Apple Gift Cards, it might seem economically sensible.

I would guess in many cases the buyer is an accomplice.

Not this one, of course, but it explains the paranoia.

The bulk of my Apple ecosystem purchases bar hardware are made via topping up with gift cards either directly from Apple or Amazon. I prefer this model of a lump of credit diminishing which I top up. It aids my grasp of this seemingly ever-expanding part of my expenditure. I would never accept one for payment or exchange for obvious reasons. I’ve had no issues and don’t expect any.