Illustration of a cybercriminal using a computer.
Seksan Monghonkhamsao | Moment | Getty Images
A huge scam website used by thousands of criminals to trick people into handing over personal information such as email addresses, passwords and bank details has been hacked by international police.
Britain’s Metropolitan Police said in a statement on Thursday that a website called LabHost was being used by 2,000 criminals to steal users’ personal data.
Police have so far identified just under 70,000 individual UK victims who entered their details on a website linked to LabHost. According to the Metropolitan Police, 37 suspects have been arrested so far.
The police also disrupted the operation of these websites and replaced the information on their pages with a message that law enforcement authorities had seized these services.
According to the Metropolitan Police, LabHost obtained 480,000 credit card numbers, 64,000 PIN codes, and more than 1 million passwords used for websites and other online services.
The Metropolitan Police said police had contacted 25,000 victims in the UK and notified them that their details had been compromised.
What is LabHost?
Police say LabHost was created in 2021 by a criminal cyber network that sought to defraud victims of key personal information such as bank details and passwords by creating fake websites.
Criminals could use it to exploit victims through existing websites or create new websites that imitate those of trusted brands, including banks, healthcare providers and postal services.
“Online fraudsters think they can operate with impunity,” Dame Lynn Owens, deputy commissioner of the Metropolitan Police Service, said in a statement on Thursday.
“They believe they can hide behind digital identities and platforms like LabHost, and are absolutely confident that these sites are impervious to police.”
Owens added that the operation showed “how law enforcement agencies around the world can and will team up with each other and private sector partners to disrupt international fraud networks at their source.”
Private companies, including blockchain analysis firm Chainaanalysis, Intel 471, Microsoft, The Shadowserver Foundation and Trend Micro, worked with police to identify and take down LabHost.
The investigation began in June 2022 after police received information about LabHost’s activities from the Cyber Defense Alliance, an intelligence-sharing partnership between banks and law enforcement agencies.
The Met’s cybercrime unit then joined forces with the National Crime Agency, City of London Police, Europol, UK regional authorities as well as other international police forces to take action.