Re: I am actually fairly amazed that two such major companies have/had systems that.........
Yep, heard about her..
I also heard about the bloke in the early 70s who used social engineering techniques (in this case, flirting a lot with the women of the company) to scam about $1,000,000 worth of equipment out of a telco in America.
All without touching a keyboard.
This lapse of security by both Amazon and Apple (who are both supposed to be experienced service providers) is worrying. It's worrying because we (with their encouragement) are entrusting increasing slices of our lives to their storage. In the case of Amazon, we are also increasingly trusting potentially sensitive procedures and data from various companies to them, in the guise of their "Cloud" services. Data that can seemingly be accessed by someone phoning up and asking (essentially).
That's not to let Apple off. No. While Apple don't let you run your own procedures on iCould, they are still storing potentially sensitive data for various individuals and probably organisations. Data that, as above, can seemingly be access by someone phoning up and asking.
Both companies need to up their security. Hell, even Facebook offers two factor authentication.