Hacker News

Suppose you're running the team at Apple that works on the iTunes gift codes. What do you do here to cut your losses?

Obviously change the algorithm used to generate the codes for a start. And even though the codes themselves are indistinguishable from real codes, you can probably detect patterns in their use (i.e., someone from a town in China who's never had an iTunes account before suddenly buys $100 of music) and prevent a subset of those codes from being redeemed (with some very small amount of false positives).

What else would you do?



It might've been not the algorithm that got broken, but, say, a private (RSA) signing key was recovered. It all really depends on how exactly the whole thing is designed.



