Dutch Developer Built Backdoors into Thousands of Sites

A Dutch web developer was found to have built backdoors into thousands of sites he built, which he then used to steal user credentials for fraudulent means, including online shopping and gambling, according to Dutch police. The unnamed 35-year-old man from Leeuwarden in The Netherlands used these details to open false accounts for online stores and betting sites, and even to contact users’ family members to steal money from them.

“Various companies used him to build sites with web shop functionality,” Dutch police says. “The man was able to capture usernames and passwords by installing a special script. He then used those credentials to break into email and social media accounts of customers of those shops.”

The man was arrested last year following a two-year investigation. Victims whose details found in the suspect’s possession have been warned about the issue.

“The suspect’s computer equipment was confiscated for investigation and we found thousands of user credentials on it,” a Dutch police statement reads. “These user credentials have been used by the suspect to make online purchases or open gambling accounts, although it not possible to trace them all. We advise that users whose credentials were in possession of the suspect change their details immediately.”

After this statement was released, Dutch police revealed that fraudulent e-mails have been sent out, claiming to be part of the investigation and asking the recipient to click on a link. Any e-mail sent out by Dutch police regarding this investigation will not contain any links, it stresses.