Compromised Apple Gift Card Saga Ends Well, but Risks Remain

Originally published at: Compromised Apple Gift Card Saga Ends Well, but Risks Remain - TidBITS

Happily, the case of Apple developer, author, and conference organizer Paris Buttfield-Addison being locked out of his Apple Account for attempting to redeem a tainted gift card has been resolved. For initial in-progress details about what happened, read “Compromised Apple Gift Card Leads to Apple Account Lockout” (17 December 2025).

Buttfield-Addison posted an update on 18 December 2025, five days after his initial post, saying that an Apple Executive Relations representative finally told him, “it’s all fixed.” Buttfield-Addison promises a more substantive update soon, but we can infer that he has largely regained access to his Apple Account and its associated data and services.

The key to this Kafkaesque saga was the $500 gift card Buttfield-Addison purchased and then attempted to redeem. (Some former Apple support advisors have said there was probably more to it than that single redemption attempt, but if that’s the case, Apple will have to make a public statement.) He writes:

It looks like the gift card I tried to redeem, which did not work for me, and did not credit my account, was already redeemed in some way (sounds like classic gift card tampering), and my account was caught by that. Obviously it’s unacceptable that this can happen, and I’m still trying to get more information out of him, but at least things are now mostly working. Strangely, he did tell me to only ever buy gift cards from Apple themselves; I asked if that means Apple’s supply chain of Blackhawk Network, InComm, and other gift card vendors is insecure, and he was unwilling to comment.

The more I think about this situation, the more dubious Apple Gift Cards seem. It appears to have worked out for Buttfield-Addison in the end, but he had friends inside Apple and the connections necessary to trigger significant negative press coverage. But this is not an isolated problem. TidBITS reader Brian Hoberman shared a similar story on TidBITS Talk, and a search for “gift card disabled” on the Apple Support Community forums yielded over a thousand discussions. Scanning them reveals many people who were likely victims of various scams, but that also means Apple is further victimizing them by locking their accounts.

What We Know About Apple Gift Cards

Understanding the risks requires knowing how Apple’s gift card ecosystem works and where it can go wrong:

• Scams are widespread: Apple warns users about gift card scams and advises those affected to contact Apple Support. As we’ve seen, that approach isn’t always successful.
• There are several types of Apple gift cards: Apple currently offers four, plus two older versions. When you redeem an Apple Gift Card, App Store Card, or App Store & iTunes Gift Card, the funds are added to your Apple Account balance and can be used to purchase apps, media, and services. An Apple Gift Card can also be used to purchase physical items at an Apple Store or the Apple Online Store. The Apple Store Gift Card can only be used for physical items. Some cards may be more or less susceptible to scams.
• Digital versus physical delivery: Gift cards purchased digitally (with codes sent in email) from Apple are presumably safer than physical cards on retail shelves because there’s no opportunity for physical tampering. But you could still run afoul of other fraud-detection signals, as Brian Hoberman experienced.
• Gift cards can be bought at various locations: It seems less likely that a gift card purchased directly from Apple would be tainted, and more likely that one from eBay or a random online site would have problems. But it’s unreasonable to expect everyday users to be aware that cards purchased from major retailers could be compromised. Buttfield-Addison purchased his from “a major brick-and-mortar retailer (Australians, think Woolworths scale; Americans, think Walmart scale).” Since Apple Gift Cards don’t expire, compromised cards could sit on retailer shelves for months, extending the window during which tampering could occur.
• Received gift cards may lack provenance: Although many people buy gift cards at less than face value during promotions—mainly through third-party retailers—for personal use, they are gift cards, and someone receiving one as a gift might have no idea where it was purchased.
• Automated fraud detection systems can lock Apple Accounts: Due to the prevalence of scams, Apple has automated fraud-detection systems that watch for previously redeemed numbers, repeated errors during redemption, redeeming too many gift cards, and more.
• Recovering a locked-out account can be difficult: Although Apple provides automated systems to deal with locked accounts and recommends that people contact Apple Support, numerous reports (including Buttfield-Addison’s) indicate that Apple Support often cannot resolve the problem. Reaching out to Apple Executive Relations by emailing tcook@apple.com might help, but there are no guarantees. As much as we dislike admitting it, complaining to the press often works because Apple hates negative publicity. Even if it’s only temporary, losing access to your digital life—passwords, photos, email, apps, and more—can be incredibly stressful.

Bottom Line: Avoid Gift Cards

Given those facts, I would never give anyone an Apple Gift Card, and if I received one, I would redeem it only at an Apple Store for physical items. The likelihood of a problem may be very low, but the impact of being locked out of my Apple Account is very high. And I’m one of those people who could probably rally sufficient negative press to resolve the problem.

Although everyone must make their own risk decisions, I recommend avoiding Apple gift cards, particularly those that can only be redeemed into an Apple Account balance for digital purchases. At least the Apple Gift Card and Apple Store Gift Card can be used without exposing your Apple Account to the redemption process.

I’m not alone. At Daring Fireball, John Gruber shares his concern surrounding Buttfield-Addison’s story, saying, “The whole thing does make me nervous about redeeming, or giving, Apple gift cards.” Nick Heer has a similar take at Pixel Envy:

I cannot tell you what to do, but I would not buy an Apple gift card for someone else, and I would not redeem one myself, until Apple clearly explains what happened here and what it will do to prevent something similar happening in the future.

The good news? There’s still time to find another gift for your Apple-using loved ones. And if someone gives you an Apple Gift Card this holiday season, at least now you know to redeem it at an Apple Store for something physical.

Just want to add some thoughts I have about gift cards and managing risk.

• There are many opportunities at retail companies, both for employees and non-employees, to tamper with and to compromise gift cards. Gift card scams are one of the easiest and most widespread forms of retail fraud.
• Gift cards are also widely used for money laundering.
• If I see a gift card offered at a discount, I try to compare the benefit of the savings to the risks of using a bad gift card. If a 10% discount at, say, Morton’s Steakhouse turns out to not work, I won’t be hurt too much. But if my livelihood depends on a certain company keeping me as a customer (for example, my online store has all of its operations hosted by Shopify) or if I am working with sensitive or irreplacable data, the consequences of an account freeze or other negative action probably would cost me more than the gift card savings.
• Under US tax law for small businesses and sole proprietors (note I am not a tax professional), I believe a gift card purchase could be treated less favorably than paying for businesses expenses directly. The documentation chain would also be more convoluted.
• I don’t view how Apple handles suspected fraud to what financial institutions do as directly comparable. Apple is not a highly regulated company with extensive compliance requirements.

Bottom line, I agree that in a lot of cases it makes sense to simply avoid Apple gift cards altogether.

I think that avoidance is difficult. Apple gift cards are ubiquitous. One will be the best option for compensation, gift or even based on security. (Would you rather give direct access to your bank account?) It is more of a case of a calculated risk. Fraud of all types is rising and consumer protection is waning.

Unfortunately, Apple Stores are NOT everywhere. For me they have ALWAYS been a multi-hour drive away.

And I intend to follow that recommendation. However, I’m curious…

Is that only at a physical store or also at the web site?

My recommendation is to give the universal gift card: cash. (I recognize that it has its own set of problems, including remote delivery, but I think that it’s overall a better path. And, of course, this is if the giver doesn’t know what else to give, which would lead to considering a gift card.)

Same here.

Yes, it’s also good at the Apple Online Store.

Phone call scams sometimes encourage people to buy gift cards for a payment. The classic is a caller pretending to be from the tax office demanding that the victim pays an overdue tax bill by using gift cards. I assume very few people fall for it but evidently enough do to make it worthwhile for the scammers.

I’d have to fly to another country.

Bottom Line: Avoid Gift Cards
This is the truth and for some, not an easy solution.
In the past, I would get iTunes gift cards at Costco. Mentally, I thought I was getting a deal of five(5) $20US iTunes gift cards for $80US or even $75US, a saving of $20-$25US.
I would then load them into my iTunes account and buy songs or complete albums. Did this for about a year or so.
Then the cards were no longer at Costco. Nor anywhere. I thought it was because Apple was moving to Apple Music. Would there be Apple Music gift cards? Nope.
Then the confusion of Apple gift cards, App Store and iTunes card, and Apple Store cards. I’ve not seen any with discounted amounts (well, not from reputable sources…buyer beware ebay and other online vendors).
I’m also one to never buy gifts cards EVER. Besides the amount of waste and plastic (non digital cards), the amount will either need to be exceeded (a $100US purchase could be $110US so the recipient would need to spend a bit more) or an amount remains. We consumers allow billions to sit and go to waste.

I still wish Paris could enlighten all on what store this was, why Apple didn’t help at first and how this all escalated to get what resolution? And are there legit vendors that are compromised (perhaps a terminal/computer that they used had been hacked/malwared?).

I’ve read that what generally happens is that people deliberately steal gift cards from the open displays at stores, bring them home and open them, reveal and record the secret redemption code. Then they alter that code somehow (erase some characters, for example), package the cards back up, return them to the displays at the store from which they’ve stolen them from, and wait for an unsuspecting consumer to purchase and have the store do their step to activate the card.

Because the secret redemption code is false, it will fail activation when the consumer gets home, but the thief who stole the cards will simply do that last step of redeeming the card to recover the value.

This is what may have happened in this case - when he tried to redeem the card he purchased, it had already been redeemed.

Perhaps the big box stores should not have open displays of these cards, but instead have consumers who want them ask for them at the register or at a customer service kiosk?

Just want to add fraud can happen at many points between the time a shipment of gift cards leaves Apple’s control and a compromised gift card is purchased. For example, the next time you are at a chain drugstore have a look at the plastic boxes that hold merchandise store workers are shelving. Those boxes are filled at the retailers warehouse-distribution center and hold a mix of products, depending on what a store is set to receive on a given day. Many hands—including shipping/receiving workers, warehouse staff, drivers, store stockpersons, and sales floor workers—touch everything contained in those boxes. When combined with the low wages and high staff turnover that are endemic in retail, there is ample incentive to steal.

So fraud is common in retail before non-store employees have a chance to do something bad. For me, that is another reason why I rarely buy non-digital gift cards. I don’t avoid buying digital gift cards directly from their issuers, though.

There’s the added aspect of cards losing value if not used within a certain amount of time. Some gift cards will start accruing “inactivity fees” one year after purchase, which eventually can deplete the card value to zero. This is most common with generic Master Card and Visa gift cards, but some retailers also do this.

(It definitely works to the seller’s advantage if a gift card is never redeemed, but there is a legitimate accounting reason for depleting the value of a card over time. When a gift card is purchased, the retailer has to account for both the incoming money and the likelihood of eventual redemption. By putting a time limit on the redemption, the retailer limits liabilities and can close the books on the account in a predictable way.)

I have twice been a victim of Apple gift card fraud in recent years. Both times involved a $100 card purchased at Target. I have purchased $100 cards elsewhere without incident. Also, have never had an issue with many dozens of cards with values between $10 and $50 over the past twenty years.

These two events are examples of different kinds of fraud in my view:

First Card; when buying the card I did not pay particular attention to the other cards on the rack, but did inspect the outside packaging which seemed to have the factory seals. Fifteen minutes after purchase, at home, I opened the package by peeling back the holographic sealing strip then attempted to redeem the card into my Apple Account balance without success due to it having been used already. Further examination of the outer package revealed a fairly weak adhesive seal along the bottom edge, which is likely evidence of how the card was extracted.

Second Card; having been burned once before, this time I compared most of the cards on the rack with the intent to avoid one that was irregular. The chosen card was then carefully scrutinized including tightness of glued edges etc. All appeared good. One to two minutes after purchase while sitting in my car in the store parking lot, I opened and attempted to redeem into my Apple Account balance only to get an ‘invalid code’ response. Thinking I had made a mistake, I repeated the process several times until a warning surfaced about the number of attempts. There was no evidence whatsoever of physical tampering to access the card. It was perfectly intact.

The first card was almost certainly physically removed and replaced. The second card could not have been removed, replaced and resealed—the packaging material was pristine—unless the fraud is so large that replicating the packaging is worthwhile. Possibly the second card’s codes had been stolen out of a database, then somehow used in a system that intercepts the activation event in real time and instantly redeems it? Or perhaps it was not fraud at all, but instead some internal malfunction or corrupt data of which Apple is aware and prepared to address on a case by case basis.

Resolutions:
First Card; Target staff pointed at Apple, Apple pointed back at Target while also researching and confirming the card had been used a week or two prior to my purchase…

Only the Target manager could do a refund, which required several visits to catch them on-duty, since for ‘privacy reasons’ staff could not share the manager’s schedule.

Second Card; After reporting the problem within 5 minutes of purchase the Target staff pointed at Apple as the only recourse. Started with phone call to Apple Support, leading to an emailed link for a secure online form. The form required contact info, purchase details, codes from card, and upload of images of fronts & backs of card, package and store receipt. Ten days later I received an email with a new redemption code which worked correctly.

To answer those asking why even use Apple gift cards for non-gift purposes. I have a desire to avoid providing a credit card or bank account details to third-parties for storage and ongoing or future charges because data breaches are too commonplace and essentially un-remediated. There used to be opportunities to buy Apple gift cards at less than face value, but not of late. More recently I have taken advantage of local grocers’ offer of $10-$20 credit on future shopping with purchase of $100 or higher Apple gift card. That too seems to have evaporated.

Since discovering that I can top-up my Apple Account balance online with a credit card in a one-time transaction without long term storage of my CC information, I have stopped buying the gift cards—and started avoiding the fraud!

Thanks for the report.

Ug, nonsense. A black mark against Target. It really irks me when a corporation requires the customer to play a guessing game to get resolution to a problem, especially one of the corporations making.

I know this will sound strange to people who have limited or no experience in service and hospitality jobs but there really is a safety issue in revealing work schedules on demand. It is not uncommon for workers to receive verbal and physical threats from customers. And sadly, big box stores in the US have often been the venue for stalking and mass violence incidents.

There is no excuse for bad customer service, of course, but I also have different expectations for different stores. I don’t expect to receive more than the bare minimum at places like Target and Walmart for many reasons. But I hold businesses that sell high-touch products at premium prices, such as Apple, to a much higher standard.

Yes, societal standards have declined significantly.

Even so, if Target tells a customer that the customer must speak with a manager, Target should give more guidance than “Return at random intervals until you get lucky.” I equate the experience described by @Scott5 about trying to see a manager to “Wear yourself out and give up so we don’t need to fix your problem.” In other words, the service did not rise to the bare minimum. My opinion, of course.

I agree, of course, that if Scott5 was expected to visit the store without any guidance of when to show up, that’s unacceptable, full stop. At a minimum, whoever was in charge of the store at that moment should have taken contact info and reached out to Scott5 whenever an answer became available.

We may not have all the details, however, because any corporately owned and operated retailer, especially those with huge, multi-department stores, has a lot of detailed rules and regulations for operating the store. It is very unusual to encounter a situation that doesn’t have a pre-formulated routine to follow.

At a retailer as long-established and geographically sprawling as Target, it would be very strange if the store was open and a manager able to make refund decisions was not present (or was unable to contact a district manager for help). There are many legal, financial, and operational reasons why chain stores require themselves to have at least one salaried, managerial level worker on site whenever the store has people in it.

To get back on topic, stories like this definitely add to why I feel leery about buying physical gift cards, particularly from third parties. There are too many security weaknesses in the system and the time and effort required to resolve problems aren’t worth the discount in most cases.

For anybody interested, this is an entertaining documentary about how scammers corrupted the McDonalds Monopoly sweepstakes for several years. A lot of what happened probably is going on in the gift card industry too.

Are the various different types of Apple gift cards actually still being sold by Apple? Several years ago, I thought they stopped selling the various segregated cards (iTunes Store cards, App Store cards, Apple Store cards, etc.) and all of the cards became essentially universal, able to be used at any Apple Store, in the App or iTunes store, or simply deposited to your Apple account for later use.

That’s not to say that there aren’t still old, maybe unsold, cards out there, but I think they all work for all Apple purposes now… don’t they?

I would actually LIKE to be able to buy an Apple Gift Card which is only good for merchandise, but I don’t think such a thing exists any more. So when you give someone an Apple Gift Card hoping they will use it to buy themselves something they want, it’s more likely they just deposit it to their Apple account and it gets eaten up paying for app spending or their monthly Apple One subscription or something.

As for the main focus of the article, I think a certain amount of prudence is warranted when buying any sort of gift cards, especially physical gift cards in places easily accessed by the public. Buying gift cards in your local Target or grocery store requires extra prudence and involves more risk.

Unless it’s a last-minute thing, I try to buy physical gift cards online and have them mailed; that seems pretty low-risk and if they get lost in the mail or something, you’re going to get a refund one way or the other. Digital gift cards are probably the safest since the typically come directly to you, electronically, and can’t really be stolen or pilfered unless your own physical or data security is sorely lacking.

Do gift cards work differently in some parts of the world? At least here in Germany, there are no physical cards with a code that could be tampered with.

To buy one at a retailer like Aldi, you pick up a “dummy” card with a face value (but no code etc., so it’s worthless when stolen) which gets scanned at the cash register so the system knows what card you are buying and for what value.

After payment, you get a receipt with the redemption code. There seems to be no chance for anyone to manipulate the card (well, except stealing your receipt or trying to take a picture of it over your shoulder and redeeming the code first).

Most gift cards with codes for mobile phone credit, Sony playstation network etc. work that way here. I’ve never had a problem redeeming one.

Cheers, Andy