CC-licensed picture by Ben Stanfield.

A hacker claims to have broken into Steve Jobs’ private Amazon.com account.

The hacker is trying to sell details of Jobs’ Amazon.com account to journalists, including Jobs’ purchase history for several years and his credit card number.

According to the hacker, who identifies himself as “orin0co,” Jobs is an avid online shopper. Jobs has purchased 20,000 items from Amazon.com in the last 10 years, the hacker says. That’s 2,000 items a year, or more than 5 items a day, every day.

“I got myself a hold of this information,” the hacker wrote in an email sent from a secure Hushmail account. “No one else has it. I didn’t misuse it, otherwise Mr. Jobs would long ago change his login detail, wouldn’t he?”


The hacker said the scam is an embarrassment for Apple, which claims Macs are less susceptible to “viruses, crashes and headaches.” (See Apple’s new “Elimination” ad).

“Imagine how safe Mac is if you can trick the mighty Steve Jobs,” orin0co wrote.

If true, Jobs would be the latest victim of so-called “whaling” or “spear phishing” attacks: online scams carefully targeted to snare high-worth victims like well-known CEOs or celebrities.

Ryan Olson, director of the Rapid Response Team at iDefense, the security company that publicized whaling in June last year, said it was possible that Jobs had fallen victim to a targeted attack.

“Yeah, I think it’s plausible,” he said. “It would not be hard to get a lot of his information because he’s a celebrity.”

Apple didn’t respond to requests to confirm or deny orin0co’s claims, or to a request for comment. Amazon.com said it had no knowledge of whether Jobs’ account had been compromised.

“I had not heard any rumors about Steve Jobs’ Amazon account being compromised as a result of a phish,” said Patty Smith, director of Amazon.com’s corporate communications, in an email. “We have a good deal of information on our web site designed to educate our customers about the various phishing scams, and ways that they can protect themselves.” (Here’s the link).

The hacker claimed that neither Jobs nor Amazon knew about his break-in because it hadn’t been detected. He sent a screenshot of what appears to be Jobs’ account at Amazon.com. The screenshot shows three purchases, although details have been blanked out: a Blu-ray DVD, an HBO miniseries on DVD, and a copy of The Nuclear Express, a history of the nuclear bomb.


Whaling attacks reached a peak in the spring of last year, iDefense claims, when a pair of professional hacker gangs targeted senior executives at companies, legal firms and government agencies.

Instead of spamming millions with scattershot email scams, the gangs targeted high-worth corporate executives with cleverly crafted emails full of personal details. The executives received messages that appeared to come from the Better Business Bureau, Internal Revenue Service, or Federal Trade Commission, among others.

When the victim followed a link or opened an attachment, the phony email installed a keylogger or even the full Apache server on the victim’s machine. The crooks would then monitor the computer for corporate and bank passwords. The scam claimed more than 15,000 corporate victims in 15 months, iDefense said, and netted “millions of dollars.”

There were 10 million victims of identity fraud in the U.S. in 2008, according to a report from Javelin Research (PDF). Amazon.com is a frequent target of phishing attacks.

However, there are a few things that make orin0co’s story fishy.

The biggest problem is there’s no proof. Apple isn’t talking. It seems unlikely that Jobs would fall for such an elementary scam, and screenshots are easily faked.

Nor does it seem likely that Jobs is such an out-of-control online shopper; 20,000 items beggars belief. In addition, the screenshot, which purportedly shows Jobs’ most recently purchased items, includes only three purchases over the busy holiday period, and the last visible purchase is dated October 2008.

Nonetheless, here’s the email exchange with orin0co:

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

Hi,

The reason am writing to you is that your book is among first to sell in amazon:

http://www.amazon.co.uk/steve-jobs-Books/s?ie=UTF8&keywords=Steve%20Jobs&rh=n%3A266239%2Ck%3ASteve%20Jobs&page=1

I will try to be as short as possible: 2 years ago, I set a amazon.com fake page, and sent emails to different IT people around the globe. Among some other unknown person, Steve Jobs got my mail, he didn’t notice the scam I set so he “updated” his amazon account with data( name, address, credit card number, phone, amazon user and password) which I received, sent to my mail. Now, it was not my intention to misuse his account (which is still untouched!), the sole purpose was if the “scam” was so perfect that even IT Guru’s will fall on it.

I saw you are the bestseller with a book on S.Jobs, I still have access on his amazon.com account, with all his purchase/interest details for 6-7 years. Now I just checked again, and he didn’t use it since December 22 last year, for reasons known to us.

I intent to sell this information, that’s why I picked you as first on the list. If you are not interested, am sure other book authors on SJ life (Jeffrey Young, William Simon, Alan Deutschman, Anthony Imbimbo, Daniel Lyons or any others) will be very interested to know about this.

Hope to hear from you,

Regards

p.s. I can provide “print screens” logged in SJ amazon account.

-----BEGIN PGP SIGNATURE-----

Charset: UTF8

Version: Hush 3.0

Intrigued by the first email, I asked orin0co how much he hoped to charge for the information and how he would prove it was genuine. He replied: