w00t – coverage in El Reg of the Apple ID nuisance…
Alec Muffett, a network security expert, responded to Karppinen’s tale by posting links to accounts of his own experiences of suffering from credit card fraud days after his Apple ID was stolen in November 2006. Although he has no proof Muffett reckons this is more than just a coincidence. He reckons that crooks either got the credit card number from Apple, or swiped info from his Apple account to fill gaps in information they had obtained somewhere else.
“My theory is that the crooks are milking Apple IDs – with their oh-so-friendly password recovery mechanism – for card meta-information, correlating it with stuff elsewhere, and then using it on the handful of traders who’ll accept dubious data for anonymous services,” Muffett wrote.
Muffett’s blog contains tips on how to avoid getting hit.