In September Tim Cook promised that users of Apple IDusers will have the opportunity to activate a two-step authentication system that will help them protect their accounts and the information in them much more effectively. This system has been implemented for iCloud and sends email notifications when a user with an unknown device logs into an Apple ID.
Although iCloud and even FaceTime send emails when someone logs in with an Apple ID to a service, even without the two-step authentication system, the same does not happen with iMessage, iTunes Store, Apple Store or App Store. Normally users should be notified by email when an unknown device logs in with their Apple ID to such a service, but Apple does not.
Without providing such an alert to the users, they have no way of knowing if their account has been hacked by a hacker and they have no way to protect themselves in case the hackers want to steal the data from their accounts or spend their money. Two-step authentication was designed to use a mobile phone and allow authentication in accounts, but it is not necessary in any case.
In cases where the system is not used, an email with the login from an unknown device should reach the user, but Apple considers this not necessary. Unfortunately, this "escape" by Apple leaves users vulnerable to hackers and this will cost some money or confidential data.
