16 million online accounts probably compromised, German government warns

Government invites users to check their email address against a list of 16 million collected by a botnet

A list of 16 million email addresses and passwords has fallen into the hands of botnet operators, the German Federal Office for Information Security (BSI) said Tuesday.

It remained unclear though to what these login credentials provide access. They could be logins for mail accounts, Facebook accounts, Amazon accounts or other online services, said BSI Spokesman Tim Griese.

About half of the addresses are from the German .de domain, Griese said, adding that there are also French and .com addresses on the list.

Law enforcement agencies found the list of email addresses and passwords while analyzing several botnets. Only the list of email addresses was shared with the BSI, Griese said.

Users were invited to check their email address against the list by sending their address to the BSI using a website made specially for this purpose. Email addresses that are on the list will then receive an email with a code from the BSI.

The BSI couldn't simply email all the addresses on the list because under German law it is not allowed to send emails to people who did not ask to receive one, Griese said. An email from the BSI about compromised accounts might also be regarded as spam and deleted immediately, he said.

By creating an online tool the BSI circumvents this problem, Griese said, adding that this will hopefully also lead to more awareness of online security.

While the BSI said this was likely a case of large scale identity theft, Griese declined to discuss what the stolen login credentials were or could have been used for while the investigation continues. "We can't tell more about the background," Griese said, adding that for the same reason he couldn't disclose which botnets were involved.

Identity theft however is one of the biggest risks when using the Internet, the BSI said in a news release. Criminals steal identities to act on the behalf of Internet users by sending emails in their place, or shop at the expense of others or do harm to them in other ways, the BSI said.

Users whose account might have been compromised should check their computer for malware, the BSI Said. Because it is unclear at the moment what the stolen login credentials unlock, compromised users should also change all their passwords, Griese said.

Loek is Amsterdam Correspondent and covers online privacy, intellectual property, open-source and online payment issues for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to loek_essers@idg.com

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags securitydata breachGerman Federal Office for Information Security (BSI)Identity fraud / theftfraud

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Loek Essers

IDG News Service
Show Comments

Most Popular Reviews

Latest News Articles


GGG Evaluation Team

Kathy Cassidy


First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni


For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell


The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi


The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott


My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?