Compromised Apple iTunes Accounts Sell for Cheap Online
Roughly 50,000 active iTunes accounts are reportedly being sold online for as little as 15 cents.
According to China's Global Times newspaper, the accounts are being sold through taobao.com, a popular Chinese-language online store, for between 1 and 200 yuan-the equivalent of between 15 cents (USD) and $30 (USD). A reporter for the newspaper tested the waters by paying $5 to a seller on the site, and in exchange was given an iTunes username and password that permitted access to the account and ultimately credit card and billing address information.
"Potential buyers are promised access to music and movies through iTunes amounting to seven times more than the amount paid," according to the report. "The only restriction is that all downloads should be made within 24 hours of the transaction being completed at [the site]."
According to Global Times, thousands of such accounts have been sold during the past several months. It is possible user account credentials were phished or stolen through malware. It is also possible the accounts were established using stolen credit cards.
"If you think about it, there are cyber-criminals out there who make money from stealing 'virtual goods' from online role-playing games and sell them for hard cash-so if they can make money from, effectively, 'nothing,' they can make money from iTunes accounts too," Graham Cluley, senior technology consultant at Sophos, told eWEEK. "If people are prepared to pay for something-cut-price access to iTunes-there will be others who will try and supply it."
In response to the report, Apple is advising users to take action if they suspect their account may be compromised.
"We're always working to enhance account security for iTunes users," an Apple spokesman said in a statement. "If your credit card or iTunes password is stolen and used on iTunes, you should contact your financial institution about any unauthorized purchases, and be sure to change your iTunes password right away."