Data analysts believe that a large network of fake online designer shops, apparently operated from China, has stolen money and personal data from over 850,000 people in Europe and the United States.

The Guardian's exclusive report was made alongside German daily Die Zeit and their French counterpart Le Monde, investigating the analysis made by Security Research Labs (SRLabs), a German cybersecurity consultancy, came a day after the British Ministry of Defense reported a similar alleged Chinese hacking incident targeting its third-party payroll system used for catering to military personnel and some veterans.

The publications have provided an inside look at what the UK's Chartered Trading Standards Institute (CTSI) described as one of the largest scams of its kind, with around 76,000 fake websites involved in the operation, which is still ongoing, according to IT experts from SRLabs. 

As of April 2024, they have detected that at least 22,500 domains were still active.

SRLabs Says Fake Online Shops Exist Since 2015

The analysis claimed that the fake shops first appeared online in 2015. Since then, programmers working on the scammer network - which SRLabs named as BogusBazaar in its report - have created tens of thousands of fake web shops offering goods from premium brands like Nike, Lacoste, Versace, and Prada. 

The scammers then publish them in multiple languages to entice shoppers into buying through them without any assurance of getting the products while compromising sensitive personal data.

Of the 850,000 people who fell victim to the scam network, around 476,00 of them - over half of the figure - have shared debit and credit card details. 

CTSI's Katherine Hart said that the people behind the scam network were often part of serious and organized crime groups, meaning the data they farmed might be used for phishing attempts later.

On the other hand, ESET global cybersecurity adviser Jake Moore emphasized that data has become the new currency, warning that foreign intelligence agencies could also use a personal data pool for surveillance and extortion purposes, similar to the discovery Whitehall made on Tuesday (May 7). 

READ NEXT: UK's Defense Ministry 'Hacked by China'

Making Fake Domains Like Clockwork

SR Labs further revealed that BogusBazaar had a core group of developers who adopted an "infrastructure-as-a-service" model.

This model allowed building a semi-automatic system to create and launch websites for rapid development and eventually allowed other groups to use and develop the system and expand their operations. 

Matthias Marx, an SR Labs consultant who spearheaded the investigation, said BogusBazaar's model was "franchise-like."

The consultancy also stated that Italian malware intelligence firm Yarix previously reported a subset of the criminal network in January 2023. 

READ MORE: Xi Jinping Urges France to Resist 'New Cold War' Amid EU's Shift Towards US Alliance