News

16 million online accounts probably compromised, German government warns

Google-Chrome-Germany-300x197A list of 16 million email addresses and passwords has fallen into the hands of botnet operators, the German Federal Office for Information Security (BSI) said Tuesday.

It remained unclear though to what these login credentials provide access. They could be logins for mail accounts, Facebook accounts, Amazon accounts or other online services, said BSI Spokesman Tim Griese.

About half of the addresses are from the German .de domain, Griese said, adding that there are also French and .com addresses on the list.

Law enforcement agencies found the list of email addresses and passwords while analysing several botnets. Only the list of email addresses was shared with the BSI, Griese said.

Users were invited to check their email address against the list by sending their address to the BSI using a website made especially for this purpose. Email addresses that are on the list will then receive an email with a code from the BSI.

The BSI couldn’t simply email all the addresses on the list because under German law it is not allowed to send emails to people who did not ask to receive one, Griese said. An email from the BSI about compromised accounts might also be regarded as spam and deleted immediately, he said.

By creating an online tool the BSI circumvents this problem, Griese said, adding that this will hopefully also lead to more awareness of online security.

While the BSI said this was likely a case of large scale identity theft, Griese declined to discuss what the stolen login credentials were or could have been used for while the investigation continues. “We can’t tell more about the background,” Griese said, adding that for the same reason he couldn’t disclose which botnets were involved.

Identity theft however is one of the biggest risks when using the Internet, the BSI said in a news release. Criminals steal identities to act on the behalf of Internet users by sending emails in their place, or shop at the expense of others or do harm to them in other ways, the BSI said.

Users whose account might have been compromised should check their computer for malware, the BSI Said. Because it is unclear at the moment what the stolen login credentials unlock, compromised users should also change all their passwords, Griese said.

 

Originally published on IDG News Service (Amsterdam Bureau). Click here to read the original story. Reprinted with permission from IDG.net. Story copyright 2024 International Data Group. All rights reserved.
Previous ArticleNext Article

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

GET TAHAWULTECH.COM IN YOUR INBOX

The free newsletter covering the top industry headlines