I have been an Apple user/evangelist (current translation: fanboy) since I bought my first Mac Plus sometime in 1986. I purchased that little beige wonder to use in my recording studio in Asbury Park, NJ. I always thought Apple was bulletproof. They could do no wrong, and always cared about the experience of the Mac user.
Do I still feel that way? I’d be a blind zealot if I said yes. There have always been questionable calls on Apple’s part throughout the years. But at some point Apple stepped up to the plate, took responsibility and made things right. No matter what the cost. Financial or otherwise. It seems this concept gets harder and harder for Apple. For whatever reason.
It started June 25th with my post “Apple Developer {dis} Connection or … How My Apple ID Was Hijacked“. I explained how my Apple ID was hijacked by someone, after I logged into the Apple Developers Connection website. The hijacker took over my Apple ID by changing the username and password. Then they ever so kindly logged into my iTunes account and charged two $50.00 iTunes cards to my my attached debit card. For all the gory details I suggest reading the original post and coming back. It’s quite long and has several updates.
It’s almost a month later, and I finally heard back from Apple Developers Connection, Apple Inc and the Attorney General’s Office of Washington state. The Apple’s Developer Connection eMailed me yesterday July 22nd. After nearly a month this is what they had to say:
Subject: Re: Website Inquiries/Feedback
From: devprograms@apple.com
Date: July 22, 2009 10:30:37 AM PDT
To: ejo@go2jo.com
Follow-up: xxxxxxxxx
Re: Website Inquiries/Feedback
Hello Joe,
Thank you for contacting the Apple Developer Connection.
We are currently reviewing your inquiry and will get back to you very soon. We appreciate your patience.
Best regards,
Michele Owens
Apple Developer Connection
Worldwide Developer Relations
That’s it? A month to tell me they are looking at my inquiry? Now I don’t want to seem like a whiny whiny boy man. (I’ve already been accused of this in a comment on the original post. Which of course I deleted. My blog. My prerogative.) But … a month for an eMail telling me they are reviewing my inquiry? No results yet? Okay. I’ll give the the benefit of the doubt. Tap tap tap. Waiting waiting waiting.
On the same day I got this eMail from the AGO’s office.
Joseph Streno
13303 15th AVE NE
Seattle, WA 98125
RE: Apple Computer
File #: xxxxxxx
Dear Joseph Streno:
Our office has received the attached written response from Apple Computer. Although they have offered to make a partial adjustment, they decline to make full adjustment of your complaint for the reasons outlined.
We realize you may disagree with their position. However, our office does not have the authority under the law to force the parties to resolve their dispute. We regret that we are unable to provide further assistance to you in this situation.
We do not have the legal authority to represent individuals as their attorney, nor may we act as a judge or arbiter in individual disputes. If you wish to pursue the matter, you should consider either contacting an attorney or suing in Small Claims Court. You can obtain additional information about Small Claims court at:
<<<http://www.courts.wa.gov/newsinfo/resources/?altMenu=smal&fa=newsinfo_jury.scc>>>
For referrals to attorneys in King County: 206-623-2551 or 211
If you cannot afford an attorney, you may qualify for assistance from the NW Justice Project’s CLEAR Coordinated Legal Advice. They may be reached Toll Free at 1-888-201-1014 or online at the following website:
<<http://www.nwjustice.org/about_njp/clear.html>>
In addition, if you are 60 or over, you may call CLEAR SR. at 1-888-387-7111 regardless of income.
You may also wish to contact the Dispute Resolution Center nearest you to see if they can assist in mediating your dispute. You can obtain additional information at these websites:
<<<http://www.courts.wa.gov/court_dir/?fa=court_dir.dispute>>>
<<<http://www.resolutionwa.org/>>>.
Please be aware that the Dispute Resolution Centers do not provide attorney referrals or legal advice.
We appreciate your bringing this matter to our attention. Your complaint will remain a part of our public record of this firm’s business practices.
DAVID FERRIS
Complaint Analyst
Consumer Protection Division
This was the fax sent to the AGO from Apple:
To which I responded back to the AGO’s office:
Subject: Re: xxxxx : A notice from the Washington State Attorney General’s Office
From: ejo@go2jo.com
Date: July 22, 2009 1:43:37 PM PDT
To: xxxxx@atg.wa.gov
Dear Mr McKenna …
Thank you for being so prompt. I did get the attached PDF of Apple’s response.
Of course Apple skirted their own security issue(s) with the iTunes Store and The Apple Developers Connection website. My identity was “stolen” because of the ease one can change a password for an Apple ID.
They have outright avoided answering the question put before them. How did someone get access to my iTunes account? How, and at what time was the Apple ID changed? And in what manner was it changed, via a phone call, eMail, or the Apple website form?
The hijacker did not steal my identity to use my debit card, but stole my Apple ID and was able to log into iTunes which had my debit card attached to make purchases. There is a huge difference. And puts the onus on Apple to answer how that happened, not the credit card company. My iTunes account could have had ANY card attached to it, the responsibility is Apple’s because someone was able to hijack my Apple ID and log into iTunes at all. Without that step none of this would have happened.
That and only that is the issue! How did that happen? Apple has not answered that question at all.
I wasn’t concerned with getting the charges credited back. They were. The debit card was canceled and a new one issued. I was more concerned that no one has legally called Apple’s security issues to task. Apple’s “Apple ID” is the only way to log into ANY of Apple’s (supposedly) secure websites, or any of their electronic stores (to make a purchase.)
If this type of thing does not fall under the purvey of the AGO, I guess it’s time to try to start a class action suit against Apple.
If you have any further comments please send them along.
Thank you for all your help.
Joe Streno
And that pretty much says it all. Apple won’t admit there is a problem with their security in respect to changing a password for their Apple ID. This one item, the Apple ID is used to sign into any Apple related website, and to purchase anything on the iTunes and Apple Store. Apple could solve the entire issue by devising another more secure way to change a password and gain access to another person’s account. It’s a problem that has gone on for years, yet Apple turns a (not so) blind eye and let’s the problem continue. The other piece of the unsolved puzzle is … are there hackers out there that are intercepting an Apple ID as one is logging into a Developers Connection account? Or is it when someone is joining an Apple website for the first time. All unanswered questions seemingly unimportant to Apple.
So Apple …. is Apple ID security bulletproof? I think not! So the question remains … what to do next. I’ll wait to see what Apple reports back.
