iTunes Vulnerability Not Apple's Fault
Posted 08/24/2010 at 9:36am | by J Keirn-Swanson
It's been big news lately that iTunes was reportedly hacked and users' confidential data, credit card numbers and the like, have been stolen. Fraudsters ran up huge charges, drained PayPal accounts, and generally ran amok. The $50,000 question though is this: was the security breach on Apple's side or the users'?
Apple products are generally well known for security, so whenever there's a story about some kind of security breach hitting Cupertino, the media run wild with speculation. In this latest round, quite a bit of digital ink was spilled suggesting there might be a hole in iTunes allowing for these exploits. But according to John Paczkowski at Digital Daily, it appears that once again the media are pointing in the wrong direction.
Much in the way that Gawker and other sources flogged Apple for the recent iPad security breach that turned out to be a hole in AT&T's network, it seems that Apple has been diligent in iTunes security. Know who's not so diligent about personal security?

Who was it who infected the office computer with a virus because they downloaded an infected video of kittens? Who was it who cruised some questionable sites and got a drive-by Trojan that popped up security warnings about infections on the hard drive? Who was it who opened a Word document despite the warning about sketchy macros?
It was the user. It was your grandma or your little brother. We all know someone like this, someone who falls for that fake alert message pop-up ad designed to look like it's from Microsoft. Someone who blithely clicks just about any link you put up on the monitor. Someone who just can't seem to get it through his or her head that there are unscrupulous people online who will lie and cheat.
To hear Paczkowski tell it, his sources at Apple say there is no hole in iTunes security. What there is, however, is the tired old standby that continues to work: a phishing scam. Users with PayPal or iTunes accounts are sent an email alerting them that their password has been compromised and they need to head on over pronto and fix the problem. Users then click on a bogus link that takes them to a site designed to look like PayPal or iTunes or eBay or what-have-you. They enter their real password, then enter what they think is their new password, and bingo, the scam is on.
Apple put out the standard disclaimer recommending you contact your financial institution if you feel you've been targeted and change your iTunes password as soon as possible. And that will work, for those already burned, until the next round of phishing emails ends up in the wrong inbox.