Hacked user accounts for Apple's iTunes Store are for sale on China's largest retail website Taobao, providing illegal access to credit card details for music and TV downloads, state media said Thursday.
A search by AFP on Taobao showed several shops were selling iTunes accounts for around 30 yuan (4.5 dollars), promising downloads of songs, games, movies and other products worth 30 dollars through Apple's online entertainment store.
The Global Times reported that around 50,000 illegal iTunes accounts were being peddled on Taobao at prices ranging from one to 200 yuan.
Thousands of accounts have been sold over the past several months, it said.
The offers seen by AFP carried a disclaimer from Taobao saying it bore no legal liability for the items sold, nor could it vouch for their authenticity.
Taobao said in a statement to AFP on Thursday that the company took "all reasonable and necessary measures to protect the rights of consumers" and could not act unless it received a formal request to remove the ads.
"At this time, we have not received any information from Apple or any other principal related to the iTunes accounts indicating that these products either violate our listing rules or infringe on the IP of others," the company said.
Experts said hackers either hack foreign users' iTunes accounts, which keep credit card numbers on file, or steal details of overseas credit cards to register several iTunes accounts that are then put on sale.
"If your line of work is compromising Windows PCs with password-stealing Trojans, it would not take long to harvest that many accounts that you can then sell," Internet security expert Brian Krebs told AFP.
A customer service representative for one of the Taobao stores was quoted by the Global Times as saying: "Of course these accounts are hacked, otherwise how could they be so cheap?"
The report said those who bought hacked accounts were encouraged to use them for 24 hours only --- presumably as their real owners would catch on to the fraud and cancel their credit cards.
Apple did not immediately respond to AFP requests for comment on the report.
In July, Apple strengthened security measures on iTunes, asking users to make more frequent entries of the CCV code -- a three- or four-digit number on the back of a credit card -- when making purchases from a new computer.
At the time, Apple advised users whose "credit card or iTunes password is stolen and used on iTunes" to contact their financial institution and change their iTunes password.
Almost two-thirds of all adult web users globally have fallen victim to some sort of cybercrime, including having their credit card details stolen, according to a report issued in September by Internet security firm Symantec.
China had the most cybercrime victims, at 83 percent of web users, followed by India and Brazil, at 76 percent each, and then the United States, at 73 percent.
Explore further: Individual privacy versus digital driftnets