Originally Posted by cgc0202
Let us take this issue with some degree of proportion. There are now supposedly more than 150 million iTunes customers.
How many have been hacked? 100? 1,000? 10,000? 100,000? Note that all these numbers are miniscule, in terms of the total userbase. But, in the internet age, an irate group of even a hundred or a thousand could make a "lot of noise" that may go viral and take a life of its own. The reason could be very legitimate, but it is not surprising that it may not be.
In the internet age, repetition sometimes becomes accepted as fact.
As noted by others, it is true that hacking of computers and stealing of user ID and password could lead to the problem. It would be interesting to find out in a more anonymous way what sort of computers were used by those whose ID and password have become victims.
But, is it all due to users lack of discretion in password creation and security of their specific? There were a number of instances when actual supermarkets or commercial company (even banks) databases have been compromised. Here, it was not due to the consumers' fault, but the company.
Is Apple completely safe from such similar hacking? The answer is NO.
I have been a victim of identity theft myself. I did not even lose my credit cards. I even took precautions so that some of my accounts were used for specific purposes only. It was this precaution that allowed one of the credit card companies to detect that my one of my cards was used fraudulently. They called me immediately in a matter of days, after my account with them has been used in "trial transactions" in two different states, different from my official residence. Apparently, because this specific company is part of the largest investing institution in the US (if not the world) dealing with trillions of dollars of transaction, they have specific programs that were employed to detect fraudulent financial transactions. Or, so the customer service who called explained.
Should Apple have such a systemt to detect fraud more proactively? Considering that the Apple iTunes could be considered one of the larger "credit card" institutions, it should have such security precautions.
The other card, I only found out after I received the monthly statement -- my credit limit has been exceeded which meant certain transactions should not have gone through. The bottom line is that this company also has a mechanism to review potential fraud. I was reimbursed eventually.
I use a very small company for my domain registration and annual renewal. And yet, even a single transaction is accompanied by a confirming verification number and follow-up email to ensure that it was a legitimate financial transaction or information change.
Similarly, all my payments online is secured with a verification number and a confirming email. If I am not mistaken, other large internet companies that do business online -- eBay, Amazon, etc. -- have similar mechanism to legitimize the transaction, protect the consumer and provide a recourse for potential redress in case of fraud.
If Apple does not have similar mechanisms in place, it should. If true, as reported here, that Apple lets its iTunes consumer have redress only through their financial institutions, this is not good enough.
After all, the credit card company is not really a direct party that allowed a hacker -- using the iTunes transaction mechanism -- to allow such fraudulent transaction to occur.
In the long run, this attitude may come back to haunt Apple, as an internet commerce company, if it does not take more precaution to protect its iTunes consumers more vigorously.