Chinese hackers crack iTunes Store gift codes, sell certificates

A group of Chinese hackers has succeeded in cracking Apple’s algorithm for encoding iTunes Store Gift Certificates, and are creating discounted certificates using a key generator. Outdustry reports that a number of the codes are available on the site Taobao, with $200 cards selling for as little as $2.60. The owner of the Taobao shop offering the cards admitted that the codes are created using key generators, and that he paid to use the hackers’ service. He also said that while the price of the codes has dropped steadily, store owners make more money as the number of customers grows.

  1. It’ll be interesting to see how Apple chooses to handle this. If they can identify stolen GC numbers, will they start banning iTunes accounts that attempt to redeem those GC numbers?

    And while it would be possible for Apple to just ignore this, there’s also the question of how this affects legitimate gift cards… if these people generate a code that exists on an unsold physical gift card, the code that is used first is going to be the one that is honored. If the gift card is used first, the buyer of the illicit code is out their money, and hooray for that. But if the buyer of the illicit code redeems it first, the owner of the legitimate gift card paid money for a worthless piece of plastic… and I imagine that having a valid gift card rejected by iTunes is not going to be a pleasant user experience, especially for those for whom it’s their first exposure to the iTunes store.

  2. Personally, I can’t imagine that a random number can be generated that happens to work. I thought each card had to be activated prior to use.

    This sounds like credit card fraud masquerading as a hack to get headlines. People steal credit cards and purchase Apple gift cards. The numbers are then sold at a discount.

  3. while it may cause some incomfort… if you legally bought a card, you always have physical proof. Just send in the card, and apple is forced to redeem the value, if they deactivated it.

  4. Reading the site earlier it stated that you were not buying an iTunes card but only the code which would be emailed to you after your payment went through successfully.

    The site is no longer available to access but give a message that the account is using too much CPU/memory time.

    [i]Please note: that this page will be automatically removed as soon as the load decreases for your site.
    Further details about this temporary halt in service can be found here.[/i]

    There must be a lot of people checking out this site. I really hope they are not trying to do business at the site. I am skeptical about giving them so much personal information.

  5. I think those codes are pretty useless since the serial number of the gift card needs to be activated through a apple trusted database. Every merchant who sells iTunes cards (electronically or in-store) has a connection to one of those databases and requests the activation of the serial number (That’s the reason why you sometimes see the cashier typing the number of the gift card into the system).

    I don’t doubt that the algorithm is hacked but the next step would be that those hackers found a way to activate the serial numbers through a trusted database. I believe that Apple has a list of all generated serial numbers. Even the hackers got access to a trusted database gateway– the database will try to match the serial number with one on the list. Since they creating random serial numbers it would take forever to match a “real” serial number.

    I only heard that they hacked the code but are they any reports that people successfully activated a “fake” serial number?

    Summary: It’s a scam!

  6. I’m Chinese. I knew this long time ago. Yes, you can successfully activated a fake gift code on iTunes store. But after a while, Apple would ban those accounts use those gift codes. Most people who bought those fake gift codes are screwed.

  7. This is to Brian – The number isn’t really random, the hackers figured out how apple makes the codes, so the hackers are making the codes just as apple does, just in an illegal and i little bit different way. Thats what i read somewhere anyway

  8. Guys they hack xp vista, linux, and other operating systems that make BIllions of dollars, What in the world would make you think that a crappy gift card code or the ecryption algorithm would be hard or impossible??? But in all reality why use Itunes if you can use limewire…, maybe so you wont get a corrupted mp3?

  9. You would use iTunes (legaly) becouse artists and programmers have worked hard making those songs, videos or apps. Its like you work one month really hard and at the end you was hoping for promotion, but they didn’t even pay you becouse the bank account of your work was hacked by some idiot.

    It even gets worse, as you don’t pay your artist or programmers, they eventually don’t have the money to make new songs or apps and the whole iTunes store will be empty, “sorry about that $2.60 but if you’d payd a real card we’d now be offering music and apps”

    I do agree, sometimes you’d rather not want to pay for a song, but who cares about $0.99 for a song. In fact, it’s pretty cheap.

    But that’s my opinion

Leave a Reply

Your email address will not be published. Required fields are marked *