A Dutch developer illegally accessed the accounts of over 20,000 users after he allegedly collected their login information via backdoors installed on websites he built.
According to an official statement, Dutch police officials are now in the process of notifying these victims about the crook's actions.
The hacker, yet to be named by Dutch authorities, was arrested on July 11, 2016, at a hotel in Zwolle, the Netherlands, and police proceeded to raid two houses the crook owned, in Leeuwarden and Sneek.
Police say they received the first tips regarding the crook's actions in November 2014, when a user complained about finding purchases someone else made on his behalf.
Initially, police thought they were dealing with a cyber-fraud investigation. Only after two years of gathering data and after expanding the investigation's scope with the addition of digital forensics experts in the spring of 2016, have they realized the extent of the crook's operation.
According to Dutch police, the 35-years-old suspect was hired to build e-commerce sites for various companies. After doing his job, the developer also left backdoors in those websites, which he used to install various scripts that allowed him to collect information on the site's users.
Police say that it's impossible to determine the full breadth of his hacking campaign, but evidence found on his laptop revealed he gained access to over 20,000 email accounts.
Authorities say the hacker used his access to these accounts to read people's private email conversations, access their social media profiles, sign-up for gambling sites with the victim's credentials, and access online shopping sites to make purchases for himself using the victim's funds.
Victims include both single individuals and businesses. The suspect is under investigation in over 140 cases already.
The suspect remained in jail after his arrest, and his pre-trial proceedings started last October.