Germany’s Federal Office for Information Security (BSI) warns 16 million Germans may have had passwords to online services stolen
The email addresses and login details of 16 million people in Germany have been stolen, according to the country’s Federal Office for Information Security (BSI). Users can check on the BSI site whether they are affected, but the office appears not to know who carried out the theft.
BSI uncovered the theft while analysing botnets. The email addresses appear to have been harvested by phishing, which directs users to a fake site where they enter their login details. The passwords gained appear to relate to email services, other Internet services, online shops and social networks.
The wurst attack ever?
The number of affected accounts is roughly equivalent to a fifth of the German population, and most of the addresses are believed to be used by Germans: around half end in .de, the country-code domain for Germany, with most of the rest ending in .com, which is widely used in all countries.
The database of compromised details has been handed over to the BSI, which runs a site where users can check whether they are affected. To do this, they enter an email address and wait for a response from the BSI. If the email address is not affected, they will hear nothing. Otherwise, they get an email message to the affected address, signed with the BSI’s PGP key, containing information and advice. Recipients should verify that signature against the key the BSI publishes before acting on the message, since a mail merely claiming to be the BSI notification could itself be a phishing attempt.
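The check a recipient of such a notification should perform, as an added example that is not BSI code: verify that the clearsigned mail carries a valid signature and that the signing key’s fingerprint matches a fingerprint pinned from the BSI’s own web page, not one quoted inside the mail. It assumes `gpg` (GnuPG 2.x) is on the PATH; the two keys, the addresses and the message text are constructed for the demo, and `PINNED_FPR` stands in for the fingerprint the BSI publishes. The impostor key deliberately copies the BSI’s name to show that a valid signature alone proves nothing.

```shell
#!/bin/sh
# Added example, not BSI code: check a PGP-clearsigned notification against a
# pinned key fingerprint before trusting it. The keys, addresses and message text
# below are constructed for the demo; in practice PINNED_FPR is the fingerprint
# the BSI publishes on its own site, copied from there and not from the e-mail.
set -eu

export GNUPGHOME
GNUPGHOME="$(mktemp -d)"
chmod 700 "$GNUPGHOME"
trap 'gpgconf --kill gpg-agent 2>/dev/null || true; rm -rf "$GNUPGHOME"' EXIT

# make_key NAME EMAIL: create an unprotected throwaway RSA signing key.
make_key() {
    cat > "$GNUPGHOME/params" <<EOF
%no-protection
Key-Type: RSA
Key-Length: 2048
Name-Real: $1
Name-Email: $2
Expire-Date: 0
%commit
EOF
    gpg --batch --quiet --gen-key "$GNUPGHOME/params" 2>/dev/null
}

# fingerprint_of EMAIL: primary-key fingerprint, as one would copy it from a web page.
fingerprint_of() {
    gpg --batch --with-colons --fingerprint "$1" | awk -F: '/^fpr:/ { print $10; exit }'
}

# sign_notice EMAIL TEXT OUTFILE: clearsign TEXT with the key for EMAIL.
sign_notice() {
    printf '%s\n' "$2" | gpg --batch --yes --quiet --local-user "$1" --clearsign -o "$3" 2>/dev/null
}

# verify_notice FILE FPR: succeed only if FILE carries a valid signature made by
# the key whose fingerprint is exactly FPR. A valid signature from any other key
# (for example an impostor's key with a convincing name) is rejected.
verify_notice() {
    gpg --batch --status-fd 1 --verify "$1" 2>/dev/null \
        | grep -q "^\[GNUPG:\] VALIDSIG $2 "
}

# Two keys: the genuine sender, and an impostor whose user ID copies the name.
make_key "Bundesamt fuer Sicherheit in der Informationstechnik" "notify@example.invalid"
make_key "Bundesamt fuer Sicherheit in der Informationstechnik" "notify@phishing.invalid"
PINNED_FPR="$(fingerprint_of notify@example.invalid)"
IMPOSTOR_FPR="$(fingerprint_of notify@phishing.invalid)"

# Constructed notification text (German, as the real mails were).
NOTICE='Ihre E-Mail-Adresse victim@example.invalid ist von dem Datendiebstahl betroffen.'
sign_notice notify@example.invalid  "$NOTICE" "$GNUPGHOME/genuine.asc"
sign_notice notify@phishing.invalid "$NOTICE" "$GNUPGHOME/impostor.asc"
# Tampered copy: body edited after signing, signature block left intact.
sed 's/victim@/other@/' "$GNUPGHOME/genuine.asc" > "$GNUPGHOME/tampered.asc"

for f in genuine tampered impostor; do
    if verify_notice "$GNUPGHOME/$f.asc" "$PINNED_FPR"; then
        echo "$f.asc: signed by the pinned key, trust it"
    else
        echo "$f.asc: NOT signed by the pinned key, treat as phishing"
    fi
done
```

Only the genuine file passes. The tampered copy fails because the hash no longer matches the signature, and the impostor’s mail fails even though its signature is valid, because `verify_notice` matches the fingerprint in GnuPG’s `VALIDSIG` status line rather than the name on the key. That last case is why the fingerprint has to come from a channel the attacker does not control.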
On the first day after the theft was disclosed, earlier this week, the site was overloaded, but it appeared to be working as planned at the time of writing.
For those affected, the BSI recommends running an anti-malware scan on their computer(s) and changing every password they use. This applies even to services where the email address is not the login name, since the attackers may have had access to the machine itself and extracted other passwords from it.
“The theft of the passwords demonstrates the importance of building better passwords. It also shows that the networks of hijacked computers, so-called botnets, are key for serious criminal activities and fraud,” said Professor Udo Helmbrecht, head of the European security institute ENISA. “The human factor is still the weak link in IT security.”
This is the second large data leak this week to focus on one country. On 21 January, it emerged that 15 million South Koreans may have had their banking details pilfered.
Additional reporting by Bjorn Greif of ZDNet.de