I recently signed up for an iTunes account, and found that somebody had fraudulently used MY email to register their iTunes account. Why Apple did not validate the email address, I will never know.

Now I am told that I cannot use my email address to register a new iTunes account, as this email address is linked to an existing account.

This got me thinking, as developers, database administrators, technical analysts, and everything in between, how should we handle reports of a fraud account?

Experience teaches us never to re-assign identifying credentials. This can break things and/or cause mass confusion, especially in the realm of the web.

That is, if we are are needing to reassign an identifying user credential we can very likely break a users bookmark by making a page render data that previously did not exist at that location.

So if we have been taught not to re-assign details like these, how should we handle such a case where an account is discovered to be a fraud and the owner of the identity (e-mail or user name) wishes to claim this detail for their account?