i'm dealing with a similar issue. i woke up yesterday to my bank calling me letting me know of $1050 in itunes purchases.
i log into my itunes account and see a bunch of charges for 'in app' purchases for virtual poker chips comming from the zynga app 'live poker 7k free' only problem is that I don't have this app installed on my ipad or any other 'idevice'
I'd be interested to hear what was bought on the OP's itunes account.
My Ipad is jailbroken, and I did take precaution and change the root password (seeing as cydia tells you to do that!) and I never bought anything (to my knowledge) over any unsecure wifi. i mainly use my own secure wifi (spa) or i use the att 3g.
I really want to figure out how the attackers got my itunes account info. and what they have to gain by buying these virtual poker chips.
i've only installed a handfull of JB apps: backgrounder, sbsettings, mywi (and that weird ROCK licensing program that get's installed with mywi) winterboard, fullforce, activator, open ssh, and a few themes i found in the cydia installer, which i've since deleted.
Could there be a rogue app / theme or some other vunerability in cydia or ROCK that compromises security of our idevices and sends our itunes info to theives? I don't know but it sure seems like it.
i've since changed my itunes password and removed my credit card from my itunes account, and working with apple (what a joke, they dont' have phone support for stuff like this, and they take forever to reply to email) and zynga to get refunds.
so far zynga has actually replied to my email asking for a refund and for device info related to unauthorized charges, but they say "they can't find the transactions"
just thought i'd add my 2 cents in here and let people know about my experience.