DODGY DUTCH DEVELOPER STEALS 20,000 PASSWORDS
Defendant allegedly plundered websites he had been contracted to develop.
Police in the Netherlands have launched a public appeal for possible victims of a password scam to come forward and assist in their investigations into the activities of an as yet unnamed 35-year-old Dutch developer.
The developer stands accused of illegally accessing victims’ email and social media accounts, fraud and identity theft, using 20,000 passwords he plundered from websites he had been contracted to develop for several businesses.
Investigators claim that he stole a slew of customer credentials over several years from 140 websites he built for businesses in the Netherlands. Besides building e-commerce features, he planted a hidden malicious script which captured customers’ credentials for purchases at online stores.
“Those credentials he then used to break into email and social media accounts of customers of those shops,” a police spokesman revealed this week, reminding internet purchasers to change passwords from time to time, not use the same passwords for all transactions, and exercise care over their private and sensitive information.
The spokesman said that the accused had used most of his ill-gotten gains to gamble online using other people’s identity cards to register with online gambling sites, and using breached social media accounts to pose as family and trick victims in to transferring money to an online payment service, which he then moved to credit cards and spent.
The developer was arrested in July last year following a two-and-a-half year investigation that was triggered by a report from an online retailer over a single fraudulent order. The investigation was widened in mid-2016 after the scale of the fraud became clear.
In developing the case, the police have reached out to Dutch companies that may have been impacted by the developer's activities.
They have also warned of an emerging new threat from other scam artists, who have rather cheekily been using the police use of warning emails to launch their own scams, sending falsified "police" emails with links to sites where the gullible are urged to insert their personal information.
The police have been obliged to advise the public that they never include links, downloads or requests for private information in their official emails!