ITunes security lapse frustrates Apple user

A security breach with Apple's music program iTunes has left a sour note with a once-devoted fan.

Defrauded consumer on hook for $300

A security breach with Apple's music program iTunes has left a sour note with a once-devoted fan.

In April, someone hacked into Lindsay Thomas's iTunes account, racking up almost $300 in purchases, including Chinese applications.

The Edmonton resident found out from a purchase email confirmation Apple sent to her.

"I wasn't sure what had happened and how it had happened, but I just wanted answers for it and I wanted my money back because I didn't think it was fair that I had to pay for this … obviously I didn't buy these," Thomas told CBC News.

"I don't speak Chinese, so why would I want Chinese [applications]?"

Thomas emailed Apple asking for her money back but the company told her it's not to blame.

Apple users like Thomas are responsible for the security of their accounts and for any losses that occur, the company said.

The iTunes program allows users to legally buy songs and applications for their iPhone, iPad or iPod over the internet. When someone signs up for iTunes, they provide their credit card information, which is stored on file for future purchases.

When CBC News contacted Apple about Thomas's case, the company said in an email it will not "comment on ... specific customers nor ... comment on how the iTunes store functions."

Thomas called her branch at the Royal Bank of Canada, which issued Thomas her credit card, but was told it wasn't the bank's fault either.

Thomas's bank has not refunded her money, but when contacted by CBC News said it was looking into the incident.

Hacking software on the rise

While there are no statistics available, CBC News found several people online complaining of similar incidents.

John Zabiuk, a computer and network security professor at the Northern Alberta Institute of Technology in Edmonton, said he isn't a surprised by Thomas's problem.

Zabiuk said hacking software is a cinch to write and your computer can be attacked simply by visiting a website.

"What they can do is simply capture every keystroke that you put in, and as a result of that, at the end of the day, that's just mailed to the attacker through email, and they now have everything you've typed," he said.

"If it's users' names and passwords or credit card numbers, they've got it all."

Zabiuk said he agrees with Apple's response not to refund Thomas's money.

He said computer companies like Apple are taking a zero tolerance approach on password security, meaning that Thomas should have done more to protect her account, her computer and her password.

Thomas just wants her money back.

She said she will have to work extra shifts as a nurse to pay the $300 she owes on her credit card.

Thomas said she is keeping her iTunes account, but she's changed her password.

"I used to always have PCs and I switched to Apple because of their commercials … that they have the better product and they provide better customer service and all of these things," she said.

"And then in the end, they just, kind of, leave you to suffer the consequences of their crummy security system."