50,000 iTunes accounts for sale, cheap, on Chinese auction site

If you’re an iTunes customer, you may want to pay very close attention to your account activity, especially if you have your payment account information conveniently integrated into your iTunes account to enable seamless purchases.

Some 50,000 iTunes accounts are on sale on TaoBao, the Chinese equivalent of eBay. Listings offer access to iTunes accounts priced from 15 cents to $30. One of the accounts could be yours.

An intrepid reporter for the Chinese Global Times, named Zou Le, broke the story. Le paid $5 for an iTunes username and password, and got access to credit card details and the address of an American iTunes customer.

The iTunes account sellers are advising TaoBao buyers to move within 12 hours to download apps, movies, games and music from the online store, after which the account is likely to be suspended.

You don’t even have to read Chinese to buy one of these iTunes accounts. Google’s Chrome browser includes a nifty translation feature that will display TaoBao’s listings in English, with a click of your mouse.

Graham Cluley, senior technology consultant at antivirus firm Sophos, says it is possible the fraudulent accounts could have been created from scratch by the bad guys using stolen credit card details. However, criminals like to take the easy path to payoffs. The simplest way to pull this off would be to acquire stolen iTunes account logons in the Internet underground, and then put them up for sale on Taobao.

An entire cottage industry of data thieves exists to gather every one of your account logons. Stolen logons are sold like commodities in the Internet underground.

Logon harvesters send out viral emails and viral Facebook and Twitter messages and postings. They appear to come from trusted sources, but the viral messages and postings imbed keystroke loggers tuned to record and transmit any account logons you may type. Logon stealing gangs also scatter similar infections far and wide across the Internet — on popular websites and Google search results.

This isn’t the first time crooks have set out to cash in on iTunes accounts. Last August,  iTunes users reported unauthorized charges to PayPal accounts associated with iTunes purchases, some losing as much as $1,000. And last July, hackers cracked into iTunes accounts to steal iPhone and iPad Web apps.

By Byron Acohido