Dutch developer built-in backdoors to SMB websites in order to steal personal information and money

Personal data and identities stolen by the thousand by dodgy Dutch developer

A website developer in the Netherlands built backdoors into hundreds of small-business websites, exploiting the insecurities that he created in order to monitor traffic, and steal identities and account details in order to operate a wide-ranging fraud.

As many as 20,000 users have been told that personal and other valuable information may have been compromised, although the number of victims suffering losses is believed to be in the hundreds, rather than thousands.

According to reports from the Netherlands, the 35-year-old IT professional built websites for small businesses with web shop capabilities. But by installing special scripts, he was able to decrypt and tap communications, including email and social media accounts of customers. He then used other people's identities and accounts to persuade contacts to transfer money, as well as using stolen identities to register on gambling websites.

"One day I got a message on Facebook from a friend of mine," claimed one of the victims. "He asked me if I could make a payment for him. That question was not so strange because I had recently borrowed money from him. I was sent a link and ended up on a payment site. Then my friend asked me if I wanted to mail him the payment confirmationā€¦

"Two days later I received a Facebook message from my friend, in which he indicated that his Facebook account had been abused by someone who asked his friends to pay bills. Then I knew I was scammed."

The man was arrested in July last year. Dutch police have suggested that he had a gambling habit.

The investigation is continuing.

Last week, a group of fraudsters in the UK were jailed after they were caught breaking into accounts with retailer Next, simply by using leaked user name and password combinations spilled in attacks on other websites.

The fraud worked - and the fraudsters were able to access accounts with credit lines with Next of almost Ā£1m - because of the number of people who use the same user name and password combination on multiple websites, including commerce sites.

McDonalds, meanwhile, has been caught out running a global website based on insecure, out-of-date software that has a number of glaring security holes.