Dutch Web Developer Stole From Customers Using Custom Scripts
DevelopmentNews January 26, 2017 Euan Viveash
Up to 20,000 email accounts may have been hacked after a rogue web developer deliberately left backdoors in the sites he created, that only he could access.
The 35-year-old Dutch national from the town of Leeuwarden, used the personal information stolen from customers to open gambling accounts, convince friends and relatives to transfer money, and make online purchases on his behalf.
Specialists in the Dutch police are also saying that some of the identity abuses may be impossible to trace.
The Leeuwarden man may have successfully managed to portray himself as a legitimate webmaster building e-commerce sites for several years while simultaneously stealing customer login details using his custom backdoor access protocols.
A statement from Dutch police translated by Tech news website The Register said: “Various companies used him to build sites with web shop functionality. The man was able to capture user names and passwords by installing a special script. He then used those credentials to break into email and social media accounts of customers of those shops.”
The crimes only came to light after a separate investigation in 2014 expanded its search parameters, resulting in the rogue developers arrest late last year.
Unsurprisingly, all the possible victims have been asked by police to check their accounts, and update all their passwords, and enabling two-step verification wherever feasible.
And finally…
Not wanting to miss out on any illegal activity, enterprising hackers have been quick off the mark to start circulating a fake email with an attachment containing various forms of malware, purporting to be from Dutch police. For their part, the police have stated that no communication from them will contain anything to download.
Dutch police have warned that there is already a fake email with an attachment containing some of the usual nasties that is doing the rounds. The police’s communications will not contain any download links or attachments, they advised. “Never download files in emails if you do not know the sender.”
Brings a whole new meaning to the phrase ‘going Dutch,’ really. (I know, I know, I just couldn’t resist it.)