An investigation spanning two years across Poland and Germany has led to charges against 11 people accused of orchestrating a sprawling cybercrime operation that harvested more than 100,000 stolen login credentials, authorities said. The suspects allegedly used fake news websites and fraudulent Facebook login pages to capture victims’ passwords and exploit their accounts.
A Cross-Border Investigation
Police officers from the Białystok Board of the Central Bureau for Combating Cybercrime announced that they had identified 11 members of what they described as an organized criminal group operating between May 2022 and May 2024 in Poland and Germany.
The inquiry, conducted over two years, focused on a coordinated scheme that targeted social media users through deception. Investigators said the group’s activities extended beyond isolated fraud attempts, instead forming what prosecutors characterized as a structured enterprise responsible for hundreds of alleged offenses.
In total, the suspects were charged with more than 400 crimes. The accusations include leading and participating in an organized criminal group, unlawfully taking over access to Facebook accounts and email inboxes, internet fraud, and money laundering. The charges cite multiple provisions of Poland’s Penal Code, including Articles 258, 267, 286, 269b, and 299. Six individuals were placed in pretrial detention as a preventive measure while proceedings continue.
FCRF Launches Flagship Certified Fraud Investigator (CFI) Program
The Anatomy of the Scheme
According to investigators, the group relied on imitation and urgency to ensnare victims. Members allegedly created websites designed to resemble well-known news portals. These sites featured sensational and often shocking headlines, including false reports of the death of a famous person.
When users clicked on links directing them to the fabricated pages, they were prompted with what appeared to be a Facebook login window. Believing they were signing in to view or share the content, victims entered their usernames and passwords.
Authorities said that at that moment, the credentials were intercepted by members of the group. The stolen data was then used in further criminal activities, though officials did not detail the full scope of downstream exploitation.
Over the course of the investigation, more than 100,000 login credentials and passwords linked to the targeted website were seized. Investigators described the volume of compromised data as evidence of the operation’s scale and reach.
Financial Traces and Legal Consequences
Prosecutors said the group’s activities extended beyond unauthorized account access. Charges include internet fraud and money laundering, suggesting that the stolen credentials were used to facilitate financial crimes.
In at least some cases, authorities referenced fraud involving Poland’s BLIK payment system, in which victims may have been induced to authorize transactions using one-time codes. Investigators are seeking information from injured parties about whether such incidents occurred and whether they were reported to law enforcement.
Assets equivalent to 1,000,000 Polish złoty were seized from the suspects. Officials said the funds may be used, among other purposes, to compensate victims for losses incurred as a result of the alleged crimes.
A Public Appeal to Victims
Following the announcement of the charges, authorities issued a public advisory urging individuals to verify whether their Facebook login details had been compromised.
They directed users to a government website where they can check whether their email addresses were included in the data seized during the investigation. If a data leak is detected, officials asked affected individuals to contact the investigator handling the case via a designated email address.
In their message to law enforcement, victims are requested to provide the date of the incident, information about whether it was reported previously — including the unit and case reference number — and details about any additional harm suffered, such as financial losses linked to BLIK code fraud.
Authorities also recommended that users change their Facebook passwords, as well as passwords for any other accounts, including email, where the same credentials may have been used. The investigation remains ongoing as prosecutors prepare the case against the accused, framing it as one of the more extensive cybercrime operations uncovered in the region in recent years.
