Police have cracked a criminal website selling two million people's online identities for as little as 56 pence.

Genesis Market, an easy-access site found on Google, traded 80 million passwords and logins which criminals used to steal millions of pounds.

Fraudsters purchased "bots" that contained victims' saved logins for Facebook, Amazon, PayPal and Netflix and bank details, which were updated in real-time whenever the victim attempted to change their password.

It was shut down on Tuesday night in a major sting operation between 17 national police agencies, including the FBI and Britain's National Crime Agency (NCA), with 120 arrests made so far.

The NCA, known as Britain's FBI, estimates that there are "tens of thousands" of victims in the UK and "hundreds" of British criminals who were using it.

The site even mimicked victims' browsers, managing to evade security checks on social media and shopping sites.

This "allowed the criminals to essentially masquerade as the victim" and "socially engineer them for further offences" through mapping friends, family and personal circumstances, the NCA said. 

'Genesis Market is an enormous enabler of fraud'

Will Lyne, head of cyber intelligence for the NCA, said: "Genesis Market is one of the top criminal access marketplaces anywhere in the world.

"Genesis Market is an enormous enabler of fraud and a range of other criminal activity online by facilitating that initial access to victims, which is a critical part of the business model in a whole range of nefarious activity."

Some 31 dawn raids carried out on Tuesday and Wednesday saw 24 users of the site arrested in the UK under the Computer Misuse Act and for fraud offences, including two men aged 34 and 36 in Grimsby, Lincolnshire.

In total, there were around 120 arrests, over 200 searches and close to 100 preventative actions carried out across the globe, with both unwitting members of the public and businesses targeted.

The site now carries the FBI logo and the message "this website has been seized" in "operation cookie monster", the name of the probe. An investigation is ongoing to find the ringleaders of the site. 

'Very, very easy' for anyone to access

The price per "bot" would range from as little as $0.70 (56p), up to several hundreds of dollars depending on the amount and nature of the stolen data.

Rob Jones, the director-general of the National Economic Crime Centre, said it was "very, very easy" for anyone to access Genesis Market to commit crime.

"This is the problem for us in the online world - you don't need to know a criminal to start," he said.

"So you can completely self-start and go looking for this and get everything you need to perpetrate a crime -  that is why this is so damaging."

Millions of pounds stolen

Asked how much money may have been stolen, Mr Jones added: "If you look at 80 million credentials and two million victims worldwide and do the maths, there are millions of pounds available to the criminals who are involved in this."

The activities carried out by the website included randsomware attacks where hackers block access to data and demand payment to release it; sim-swapping, where mobile phone numbers are hijacked; and the theft of source codes from companies.

NCA investigators have already set up spoof distributed denial-of-service sites, which bring down servers by flooding them with requests, to harvest the details of criminals. They may use similar tactics to target fraud sites.

Members of the public can check whether their details were listed on Genesis Market by using the Dutch police site's "check your hack" tool. 

It comes after the Met police smashed iSpoof last year, a global online fraud shop selling tools that allowed criminals to carry out phone scams on hundreds of thousands of unsuspecting victims, though it had fewer victims and was harder to access via the dark web.