The accounts are available on TaoBao.com, the Chinese equivalent of eBay, for prices ranging from about 15 cents to $30 each, China's Global Times reported Thursday. Potential buyers are being promised access to seven times the purchase price in movies and music. The only restriction is that the buyer conduct all downloads within the first 24 hours of buying the illegal account.
Thousands of accounts have been sold over the last several months, the newspaper says. How the accounts were stolen is not known for sure. Hackers either opened iTunes accounts using stolen credit cards, or stole user IDs and passwords using Trojans or other malware disguised as legitimate attachments in emails sent to people living outside of China, the Global Times reported. Such malware, when opened, launches software that can capture keystrokes when people logon to sites and send that information to cybercriminals.
Apple was not immediately available for comment.
iTunes, the largest music store in the United States, with 150 million users, has been a regular target of criminals for years. Last October, crooks looking for credit card numbers emailed fake iTunes receipts in trying to trick recipients to open malware dubbed Zeus. The software was designed to steal passwords and financial Web site access credentials. Such phishing attacks often succeed because of the simplicity of the tactic, experts says.
Earlier last year, Apple acknowledged that a hacker broke into about 400 iTunes accounts. Apple beefed up security measures as a result of the attack, requiring iTunes users to enter their credit card's CVV code to complete a transaction.
The alleged hacker was identified as Thuat Nguyen, whose applications were tossed from Apple's App Store after he allegedly manipulated sales data to make it appear 42 of his e-books were among the site's top 50 digital books.