Hacked iTunes accounts are available for sale for as little as 10p on China’s leading online shopping site, according to reports, with credit card numbers visible to anyone buying the dodgy details.
The State-run Global Times said that 50,000 illegal accounts were up for grabs on the Taobao website, with buyers promised the ability to buy music, video or apps.
For 200 yuan (£19.50), a web user in China can purchase an account with vouchers worth up to $200 to buy digital products at Apple’s music, movie and applications vault. Some hacked accounts worth less were on sale for 1 yuan.
“Of course these accounts are hacked, otherwise how could they be so cheap?” a customer service representative of one of the online stores told the Global Times.
I found that my account was used to purchase a $50 iTunes gift card. This was not my credit card. I suspect someone else credit card was stolen and used under my name
The offers are only valid for 24 hours, to allow for the fact that the hack could be rumbled at any time.
“A 24-hour limit is out of concern that the legitimate user will discover his account being violated and cancel his card within this period,” the paper quoted Chongqing-based IT expert Xu Yuanzhi as saying.
Xu added that hackers either directly hacked iTunes accounts owned by foreign users or stole the details of overseas credit cards, which are then used to register several iTunes accounts for purchases.
A Times search of the country’s websites showed that thousands of such accounts had been sold in recent months.
In tests, a reporter paid $5 to a seller through Taobao’s online payment system, who then provided a username and password to iTunes.
After accessing the account, the credit card details of the real user appeared under the payment information, with a billing address in the US.
Security nightmare
Apple forums show plenty of people have been caught up in such scam, sometimes with both their account and credit card compromised.
“I was lucky – I had already [had a] small fraud charge of just a couple of bucks. So I have removed my American Express credit card and did charge back,” wrote user olexiyb late last year.
“But today I found that my account was used to purchase a $50 iTunes gift card. This was not my credit card. I suspect someone else’s credit card was stolen and used under my name.”
According to security experts quoted by the Times, there are five trojan virus production-and-distribution gangs in China, and more than 300,000 people are employed developing and selling the virus used to steal account information.
Apple said it was working to tighten security but said users should take any fraud up with their banks, not iTunes.
“We’re always working to enhance account security for iTunes users,” the company said in a statement. “If your credit card or iTunes password is stolen and used on iTunes you should contact your financial institution about any unauthorised purchases, and be sure to change your iTunes password right away.”
Disclaimer: Some pages on this site may include an affiliate link. This does not effect our editorial in any way.
