Hundreds of Mac users have been snared in a phishing scam that coincided with the glitches in the roll-out Apple's MobileMe service.

Data obtained by CardCops, a credit card protection service owned by the Affinion Group, shows sensitive information belonging to several hundred people with Mac.com email addresses being traded in underground forums frequented by identity thieves. The details include social security numbers, birth dates, mothers' maiden names, credit card numbers and other sensitive information.

The graphic to the right, which has been edited to remove personally identifying details, shows some of the data that's been available.

The information was phished using emails that began circulating around the same time Apple began its ill-fated transition from Mac.com to Me.com. The scams bore subjects such as "Billing problem." Following the link as recently as Tuesday while using Apple's Safari browser, we were taken to an authentic-looking page purporting to belong to Apple. It asked users to reinstate their accounts by entering a dizzying array of personal details. (Interestingly, while Internet Explorer warned us the page was a scam, neither Safari nor Firefox flagged it.)

Among those who took the bait was someone in Desiree Holtadams's home. She said the confusion caused by the MobileMe transition caused her to lower her guard.

"I was wondering if they might have switched me over to MobileMe," she told The Reg. "A few weeks ago, there was no access to the Apple account at all for us."

An Apple representative didn't respond to an email requesting comment for this story.

Several of the Mac.com victims we spoke to reported getting phishing emails purporting to come from iTunes. Evidently, Apple users are a popular target. ®

Related stories

• Mozilla security chief: Apple should open up (15 September 2008)
• Apple code of secrecy imperils Aunt Mildred (10 September 2008)
• iTunes, and Sting, banned from China (22 August 2008)
• Apple's MobileMe plays into hands of spammers (22 August 2008)
• Defcon Surfing Google may be harmful to your security (9 August 2008)
• Romanian phisher confesses to scam targeting financial giants (23 July 2008)
• Web browsers face crisis of security confidence (23 June 2008)
• PayPal ambushes users with mystery Skype charges (13 June 2008)
• 'Untraceable' phone fraudsters eye your credit card (3 June 2008)
• 'Secure' PayPal page is... you guessed it (16 May 2008)
• Exclusive So who sent you that spam? HP or Oracle? (28 March 2007)
• Anatomy of an eBay scam (21 March 2007)