I'm an Apple fan. I'm typing this on a Mac, we record my radio show on a Mac, and I sell both audio books and music via the iTunes Store. Apple does a lot of things right. Unfortunately, security of your personal information via iTunes isn't one of them.
Over the weekend, my iTunes account was hacked. I found this out when I noticed unauthorized charges for iTunes downloads on my bank statement.
When I got on iTunes to see what was going on, I couldn't get into my account. When I used iForgot to retrieve my info, I found out that not only had my password been changed, my Apple ID had been changed also. This made their automated password retrieval system useless.
You would think that Apple would let you know when a change is made to your account, especially your email address. That's a standard security measure, which most sites do. For some reason, Apple doesn't.
How easy is it to get your iTunes login info? Anybody with your email address, date of birth, and address can change your Apple ID information. And since, for me, that information is all over the place online, whether it be Wikipedia's entry about me or the contact page on any number of web sites I'm associated with, that's not hard to come by...
Think it can't happen to you? Apple security is so bad that a class action lawsuit has been filed, alleging it violates the Fair Credit Reporting Act (FCRA) by printing purchaser names, addresses, email addresses, and phone numbers on receipts.
Fortunately, I caught the problem early. After a couple of emails to Apple and a helpful phone conversation with somebody from Apple Cares named Edward, after about an hour of work and conversations with two additional departments, I was back in. It's worth noting, though, that Apple refused to refund charges, even when all evidence pointed to its lack of proper security as the cause of this incident. If this happens to you and you want your money back, you'll need to go to your credit card company and file a dispute.
SECURITY SUGGESTIONS FOR PEOPLE WITH AN ITUNES ACCOUNT:
1. Use a fake date of birth.
2. Remove your credit card from iTunes. If you need to buy something, you'll have to type it in each time, but this will save you considerable hassle should your account ever be compromised. Do a search for "itunes account was hacked" and you will see several stories of this happening to people.
3. Make the answer to your "Security Question" something that nobody will be able to guess.
Using a Mac or iPhone? 1Password is a great solution to the issue of online security. It can create strong, unique passwords for you as well as remember them. You simply remember a single, master password.
PC users, try RoboForm for a similar solution.
As many of the readers of this blog, like me, make money selling content via iTunes, I hope Apple will improve iTunes security and start doing a better job looking out for its customers. Not only is this a nuisance if it happens to you, it can also cause people to lose faith in iTunes and stop spending money there.
