50,000 Stolen iTunes Accounts On China Auction Site

Hacked user IDs and passwords are being offered on TaoBao.com for prices as high as $30 each.

By Antone Gonsalves   InformationWeek
January 07, 2011 09:35 AM

Top 10 Apple Stories Of 2010
(click image for larger view)
Slideshow: Top 10 Apple Stories Of 2010
Roughly 50,000 Apple iTunes accounts stolen by hackers are said to be for sale on China's largest auction site.

The accounts are available on TaoBao.com, the Chinese equivalent of eBay, for prices ranging from about 15 cents to $30 each, China's Global Times reported Thursday. Potential buyers are being promised access to seven times the purchase price in movies and music. The only restriction is that the buyer conduct all downloads within the first 24 hours of buying the illegal account.


More Storage Insights

White Papers

More >>

Reports

More >>

Webcasts

More >>

Thousands of accounts have been sold over the last several months, the newspaper says. How the accounts were stolen is not known for sure. Hackers either opened iTunes accounts using stolen credit cards, or stole user IDs and passwords using Trojans or other malware disguised as legitimate attachments in emails sent to people living outside of China, the Global Times reported. Such malware, when opened, launches software that can capture keystrokes when people logon to sites and send that information to cybercriminals.

Apple was not immediately available for comment.

iTunes, the largest music store in the United States, with 150 million users, has been a regular target of criminals for years. Last October, crooks looking for credit card numbers emailed fake iTunes receipts in trying to trick recipients to open malware dubbed Zeus. The software was designed to steal passwords and financial Web site access credentials. Such phishing attacks often succeed because of the simplicity of the tactic, experts says.

Earlier last year, Apple acknowledged that a hacker broke into about 400 iTunes accounts. Apple beefed up security measures as a result of the attack, requiring iTunes users to enter their credit card's CVV code to complete a transaction.

The alleged hacker was identified as Thuat Nguyen, whose applications were tossed from Apple's App Store after he allegedly manipulated sales data to make it appear 42 of his e-books were among the site's top 50 digital books.

In this Dark Reading Tech Center report, we explain how your security and network teams can cooperate and use common tools to detect threats before your systems are compromised. Get it now (registration required).

, join the conversation

Related Reading

News

More News»

Most Popular

More Popular»

Commentary

More Commentary»

On the Web

More On The Web»

Video

More Videos»

Slideshow

More Slideshows»


Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

InformationWeek encourages readers to engage in spirited, healthy debate, including taking us to task. However, InformationWeek moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. InformationWeek further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.
T-Shirt Giveaway T-Shirt Giveaway: Each week we're selecting one great comment from our readers. The author of the comment will receive an InformaitonWeek Community t-shirt. So get posting!
Subscribe to RSS

Resource Links