Hacked iTunes accounts on sale at Chinese Taobao

Hacked accounts for iTunes Store have been available for sale on Taoboa, China’s largest retail site, with thousands having been sold over the past months.

According to Chinese news site Global Times  the going rate onsite for hacked user accounts has been approximately $30, with the promise of $200 worth of downloads of songs, movies and other such products that are available on Apple’s iTunes store.

It is reported that 50,000 illegal accounts are being sold on Taobao, providing access to credit card details for downloads, though the site has issued a statement saying that it has taken “all reasonable and necessary measures to protect the rights of consumers”.

The accounts offered online feature a disclaimer from Taobao with regards to the legality of what is being posted, and so removing itself from any liability.

The offers, which encourage buyers to complete all downloads within 24 hours before the authorities of cardholder realise the theft, carry a disclaimer from Taobao saying it bears no legal liability for the items sold, nor could it vouch for their authenticity.

In a statement to AFP the site said that it was unable to doing anything about the sale of accounts until it received a formal request to remove the ads.

“At this time, we have not received any information from Apple or any other principal related to the iTunes accounts indicating that these products either violate our listing rules or infringe on the IP of others,” the statement said.

The accounts are made either by directly hacking a foreign users’ account, which withholds credit card details for any purchases made on iTunes, or details of credit cards are stolen before an account is set up.

“If your line of work is compromising Windows PCs with password-stealing Trojans, it would not take long to harvest that many accounts that you can then sell,” said internet security expert Brian Krebs.

Apparently when Taobao customer services were questioned they took the stating-the-bleeding-obvious approach: “Of course these accounts are hacked, otherwise how could they be so cheap?”

Apple, who beefed up iTunes security measures in July last year, have not as yet issued a response.  Steve Jobs said in June that iTunes has more than 150 million customers’ credit card numbers on file.