Germany’s Federal Office for Online Security (BSI) warned Internet users that cybercriminals had gotten a hold of a list of 16 million email addresses and passwords.
According to BSI, the information came out of analysis of botnets by research institutions and law enforcement.
BSI did not make clear in its statement how exactly the botnet operators got their hands on the login information, or what online services the login information is for. The agency did not however that this type of information is often swiped using keyloggers. Since many people use the same login credentials for multiple sites, having email and password information opens up many different possibilities for attackers.
“Identity theft is one of the greatest risks in the use of the Internet,” the BSI said in their announcement, adding that in the wrong hands, login information could be used for fraud.
The email addresses were given to the BSI so that victims could be notified.
To deal with the situation, the BSI set up a Website where users can enter their email address to check if they have been victimized. If so, the user will be sent an email from the BSI with recommendations on how they can protect themselves.
Agency spokesman Tim Griese told the Associated Press about half the accounts have .de domain-name endings, and it appears the majority of users are in Germany. The compromised accounts have email addresses as the username, but may be for social networks or other sites.
To address the situation, the agency set up a German-language web page where users can check whether their account is affected.
The BSI recommends anyone affected by the situations should check their computers for malware using antivirus, and change all of their passwords.
Brian Prince is a Contributing Writer for SecurityWeek.Previous Columns by Brian Prince:Germany Authorities Warn Millions of Online Credentials Compromised Healthcare.govs Poor Security Diagnosis Shows Importance of Security Lifecycle SCADA Zero-Day Patched After Disclosure Cyber Attack Leverages Internet of Things Twitter Makes Apps Use Encryption to Connect to API
Tags: NEWS INDUSTRY