The other day, reports surfaced of scammers running up iTunes users' tabs through PayPal. Apple said there was no vulnerability in its system, and some blamed users for being gullible and falling for phishing scams.
PayPal had said that it would reimburse people for unauthorized charges, but now the company has put up a blog post responding to the situation. PayPal Chief Information Security Officer Michael Barrett writes:
There has been a lot of recent news coverage about unauthorized payments to iTunes, and some of our customers are concerned about the safety of their PayPal accounts. We’ve looked into this extensively, and want to assure you that: 1) the PayPal system itself has not been compromised and continues to be secure; and 2) if you have been affected by this issue, the criminals behind it have not taken over or logged into your PayPal account.
Apple has also confirmed that iTunes’ servers have not been compromised. For those customers who have seen unauthorized iTunes charges to your PayPal or credit card account, Apple has recommended that you contact your financial institution about a chargeback and change your iTunes password right away. They have some useful tips on protecting your iTunes account security here.
This should set users' minds at ease. Hopefully they will take this as a lesson to be more careful about their online experiences.
Some people did already go so far as to remove their PayPal accounts from iTunes:
Burnett also offers some tips for protection in the future.