18 million email addresses and passwords stolen in Germany

18 million email addresses and passwords stolen in Germany

Summary: The new case comes just months after another report of the widespread theft of email credentials.

SHARE:
TOPICS: Security, EU
1

Last week, authorities in the German city of Verden reportedly discovered one of the country’s largest cases of identity theft, where up to 18 million email addresses and their associated passwords may have been stolen.

The city's public prosecutor has asked the country's Federal Office for Information Security (known by its German abbreviation BSI) for its help in notifying the affected users of the breach, according to a statement by the BSI. On Friday, the federal office said that it was working under "high pressure, so that affected internet users can be immediately informed".

The stolen identities were discovered in the context of an investigation into a botnet which is being used to send spam emails from stolen email addresses, according to the BSI. "The botnet is still in operation," according to a statement issued on Monday by the BSI, and "the stolen identities are being actively exploited."

Of the 18 million email users affected, three million are based in Germany. The BSI has been working in collaboration with email service providers in the country — including Deutsche Telekom, GMX, and Vodafone — to notify those who may be affected.

Because of strict privacy laws in the country, which require explicit permission for email contact, affected users can not be notified directly. Instead, they must log in to a special "safety test" website, where concerned users can enter their email address to check to see if it has been compromised.

The report comes less than three months after another case of widespread theft of email credentials in Germany.

In the earlier case, 16 million email addresses, usernames, and passwords were thought to have been stolen. At that time, the site that the BSI set up reportedly crashed under overwhelming demand.

The earlier theft was also discovered through an analysis of botnets, but it is unclear how — or if at all — the most recent case is linked to the previous attack. During the earlier case, it was reported that the attackers may have been from a Baltic state.

Read more on email security

Topics: Security, EU

Michael Filtz

About Michael Filtz

From the day he brought home a modem and dialed in to a local BBS in 1991, Michael has been obsessed with technology and how it enables collaboration. He has a master's degree in journalism from UC Berkeley, and has worked in and around the technology start-up scenes in San Francisco and Berlin.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

1 comment
Log in or register to join the discussion
  • Data Protection

    can be annoying, when you can't use captured email addresses for good, like informing people that they are affected.

    Those that hear about the story are probably those most likely to know they haven't been affected...

    Still I'd rather have the levels of data protection that we enjoy than, say, the levels of protection offered in countries like the USA.
    wright_is