A cybercriminal has admitted hacking the websites of companies including Uber, Sainsbury's and Argos in a bid to obtain customers' details to sell on the dark web.
Grant West, 25, got hold of the personal data of 165,000 users of online takeaway service Just Eat over a five-month period between July and December 2015.
No financial information was obtained, but the fraud is believed to have cost the firm more than £200,000.
At Southwark Crown Court in London on Thursday, West pleaded guilty to an offence of conspiracy to defraud Just Eat and its customers along with a string of other charges related to his dark web shop.
A hacking charge states West launched "brute force" attacks against 17 different websites using specialist software in a bid to obtain personal information. Companies attacked included supermarkets Asda and Sainsbury's, bookmakers Ladbrokes and Coral, and internet-based firms, such as Groupon and Uber.
Other targets included Nectar, T Mobile and Argos. West, used stolen information as part of a phishing campaign in a bid to obtain identity details known as "Fullz".
The information, which included everything needed to make purchases online, was then advertised and sold to customers from his dark web shop. West, who used the online identity "Courvoisier", also sold cannabis, which was delivered to customers.
Much of his business was carried out using Bitcoins - the valuable cryptocurrency. In May, he denied conspiring to defraud Just Eat and was released on bail, but continued his illicit online trade.
Police found around £25,000 in cash, along with hundreds of grams of cannabis, when they searched his property in August and September this year.