iTunes warning as thousands of fraudulent accounts are auctioned online

Thousands of fraudulent iTunes accounts are being sold on a Chinese online auction site, according to China's Global Times.

Thousands of fraudulent iTunes accounts are being sold on a Chinese online auction site, according to China's Global Times.

It is not clear whether the accounts have been hacked and stolen or set up using stolen or fake credentials linked to stolen credit cards.

Sellers are offering temporary access to unlimited downloads from the service for as little as 10p a time, but several listings say the accounts can be used for only 12 hours before they are likely to be shut down, according to the BBC.

"We're always working to enhance account security for iTunes users,” Apple said.

The company recommends that users whose credit card or iTunes password is stolen and used on iTunes, should contact their financial institution about any unauthorised purchases, and change their iTunes password immediately.  Apple has also published tips on protecting the security of iTunes accounts .

The company recently stepped up security at its iTunes store after a series of break-ins, and has warned users in recent months to protect their login details.

The 12-hour time limit suggests that there are reasonably robust detection measures in place for fraudulent or stolen accounts at iTunes, said Paul Vlissidis, technical director at NGS Secure, the security testing division of NCC Group.

"But this case is yet another example of how hacking can be viewed as profitable, and therefore the utmost vigilance is necessary from companies in the online services space," he said.

According to Vlissidis there is little users can do if the service provider is hacked and their data is stolen.

"However, if the user accounts have been harvested as a result of weak passwords then, to some extent, the users only have themselves to blame," he said.

Vlissidis said individuals must take some responsibility for their own security.

"It isn't rocket science - it's about using robust passwords, not sharing passwords between sites, and checking account histories and credit card statements regularly to detect any unusual transactions that might indicate a breach."

The news of the fraudulent iTunes accounts comes as Apple announces the opening of its Mac App Store offering more than 1,000 free and paid apps.

The Mac App Store brings the App Store experience to the Mac, enabling users to find new apps, buy them using an iTunes account, and download and install them in one step.

Read more on IT risk management