Then hoovered out users’ personal data, stole identities galore and spent up big
Dutch police are this week warning 20,000 users that their email accounts were hacked after a malicious web developer left backdoors in the sites he built.
Cops found the credentials in the un-named 35 year-old man’s email account and say he used the stolen personal details to open accounts, convince family members to transfer money, and make online purchases.
Some of the identity abuses are impossible to trace, police say.
The Leeuwarden man established himself as a legitimate webmaster building e-commerce sites, but used the backdoor to steal customer logins.
“Various companies used him to build sites with web shop functionality,” police say (Dutch).
“The man was able to capture usernames and passwords by installing a special script.
“He then used those credentials to break into email and social media accounts of customers of those shops.”
The man was arrested last year after a 2014 police operation gradually expanded in scope as the extent of his crimes was realised.
He used stolen social media accounts to convince victims’ family members to transfer money to him and opened accounts on online gambling sites with personal information he acquired.
Police are now warning (Dutch) victims to check their accounts and change email passwords, and have alerted website admistrators to search for the backdoor script he implanted.
They also warn web masters to employ trustworthy web developers since such backdoors are easy to place. ®
Sponsored: Customer Identity and Access Management