Hackers steal 16 million email addresses and passwords in Germany


Hackers have infected computers in Germany and managed to gain email account information on 16 million users.

This information comes from Germany’s Federal Office for Security (FOS), and the information stolen includes the actual email address as well the passwords to them. They have set up a website for those in Germany to check to see if their email account has been compromised. If the email address has been hacked then the website will send you a message letting you know.

“If that happens, then your computer is most likely infected with malware,” Tim Griese, who works for the FOS, said to DPA, a news agency.

The hackers have not been found yet and FOS have not released the details on how they managed to infect the computers of what amounts to around 20% of Germany’s population. It also isn’t known if this has spread past Germany, but most of the emails do end in .de, so it seems like they were the main target.

[via BBC News, DW, image via HackNY’s flickr]

Related Posts

  • Mike S.

    [@Eva] But not really all that much better, if “only” 5-10% of the country . . . .

  • Eva

    I strongly doubt that 20 percent of the German population are affected. If you consider that not every person owns a computer and/or their own email address, that would mean more than 20 percent of households, and that I do doubt.

    Contrary to what is said in this article, it is not actually email accounts and the passwords to said email accounts. Rather, as the website states, “each of the digital identities consists of an email address and a password. Email address and password are used as access credential for mail accounts, or additionally often for online shops or other online services” [translation from the website; I’m a native German speaker.]

    So, it’s quite possible that one email account on a compromised computer will show up in that data set multiple times. It might show up with its own password, and then with different websites where the owner uses it to log in and (hopefully) a new password for each website. That would drastically reduce the number of people and computers actually compromised. If I think about the number of websites I use one of my throwaway email addresses to log in to, I could generate several dozen entries all on my own.

    It’s quite frustrating that they government doesn’t release more information on how that data was gained, which kind of infection is present and so on. Also, they’ve known about it since December, but only informed the public now.