Menu
16 million online accounts probably compromised, German government warns

16 million online accounts probably compromised, German government warns

Government invites users to check their email address against a list of 16 million collected by a botnet

A list of 16 million email addresses and passwords has fallen into the hands of botnet operators, the German Federal Office for Information Security (BSI) said Tuesday.

It remained unclear though to what these login credentials provide access. They could be logins for mail accounts, Facebook accounts, Amazon accounts or other online services, said BSI Spokesman Tim Griese.

About half of the addresses are from the German .de domain, Griese said, adding that there are also French and .com addresses on the list.

Law enforcement agencies found the list of email addresses and passwords while analyzing several botnets. Only the list of email addresses was shared with the BSI, Griese said.

Users were invited to check their email address against the list by sending their address to the BSI using a website made specially for this purpose. Email addresses that are on the list will then receive an email with a code from the BSI.

The BSI couldn't simply email all the addresses on the list because under German law it is not allowed to send emails to people who did not ask to receive one, Griese said. An email from the BSI about compromised accounts might also be regarded as spam and deleted immediately, he said.

By creating an online tool the BSI circumvents this problem, Griese said, adding that this will hopefully also lead to more awareness of online security.

While the BSI said this was likely a case of large scale identity theft, Griese declined to discuss what the stolen login credentials were or could have been used for while the investigation continues. "We can't tell more about the background," Griese said, adding that for the same reason he couldn't disclose which botnets were involved.

Identity theft however is one of the biggest risks when using the Internet, the BSI said in a news release. Criminals steal identities to act on the behalf of Internet users by sending emails in their place, or shop at the expense of others or do harm to them in other ways, the BSI said.

Users whose account might have been compromised should check their computer for malware, the BSI Said. Because it is unclear at the moment what the stolen login credentials unlock, compromised users should also change all their passwords, Griese said.

Loek is Amsterdam Correspondent and covers online privacy, intellectual property, open-source and online payment issues for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to loek_essers@idg.com

Subscribe here for up-to-date channel news

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags securitydata breachGerman Federal Office for Information Security (BSI)Identity fraud / theftfraud

Featured

Slideshows

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

Revealed at a glitzy bash in Sydney at the Ivy Penthouse, the first StorageCraft Partner Awards locally saw the vendor honour its top-performing partners with ASI Solutions, SMBiT Pro, Webroot, ACA Pacific and Soft Solutions New Zealand taking home the top awards. Photos by Maria Stefina.

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards
Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

​Synnex and Lenovo hosted 18 resellers for an action-packed weekend adventure in RotoVegas, taking in white water rafting on the Kaituna River, as well as quad biking and dinner at Stratosfare​, overlooking Lake Rotorua at the top of Mount Ngongotaha​. Photos by Synnex.

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip
Show Comments