Dutch developer used built-in backdoors in websites to steal personal information of customers
A 35-year-old unnamed web developer from Leeuwarden, Netherlands has used personal information stolen from customers to open gambling accounts, convince friends and relatives to transfer money, and make online purchases on his behalf, according to The Register. Some of the identity abuses are impossible to trace, police say.
Apparently, this man who left backdoors in the websites he developed has left email accounts of 20,000 people being hacked, warns law enforcement.
The Leeuwarden man portrayed himself as a legitimate webmaster building e-commerce sites, but instead stole customer logins using the backdoor.
A notice published by Dutch police says that “Various companies used him to build sites with web shop functionality. The man was able to capture usernames and passwords by installing a special script. He then used those credentials to break into email and social media accounts of customers of those shops.”
The extent of his crimes came to light after a related police investigation from 2014 expanded in scope, which eventually led to his arrest last year.
Police are now warning Dutch victims to check their accounts and change email passwords to be safe. Using a two-factor authentication for password would be a safer way to protect the accounts.
The Dutch Police have also notified website administrators to search for the backdoor script he inserted, and warned web masters to employ trustworthy web developers as such backdoors are easy to be implanted.
According to an update given by Dutch police, there is already a fake email that is doing the rounds with an attachment containing some of the typical nasties. They advised that their communications will not contain any download links or attachments. Adding further, they said: “Never download files in emails if you do not know the sender.”
Source: The Register