18 Million E-mail Accounts Compromised in Germany which Worst in History of Germany
ZDNet reported on 4th April, 2014 stating that authorities of Verden city of Germany apparently discovered one of the country's largest cases of identity theft consisting 18 million email addresses with their stolen passwords.
The public prosecutor of the city has asked Federal Office for Information Security (BSI), which is country's IT watchdog, to help in notifying the affected users about the breach.
According to BSI, stolen identities were discovered in context to an investigation into a botnet which is being used to send spam emails from stolen email addresses. BSI issued a statement confirming that the botnet is still in operation and stolen identities are being actively exploited.
Out of 18 million affected email users, it is initially estimated that around 3 million accounts contain the .de German country extension and the balanced 15 million accounts belong to users around the world.
Ann7.com published news on 4th April, 2014 quoting Harald Neymanns, Spokesman of Interior Ministry, as saying "providers of German email should straightforwardly warn clients whose accounts have been breached."
He said that prosecutors discovered the list on 27th March, 2014.
BSI launched a website in German language only in January 2014 where email users could verify if their addresses had been hijacked after an earlier robbery of 16 million passwords which happened in January 2014.
Its server was almost beleaguered in January 2014 when millions of clients tried to find if they were sufferers of the unscrupulous attack. The Spiegel Online news website or www.spiegel.de, one of Germany's top news website, suspected the involvement of the same gang of hackers in both thefts in January 2014 and latest one. In January 2014, it was suggested that cybercriminals were stationed in a Baltic state.
Although reports have not clarified whether this attack was used to spread malware but there is always a possibility of it. For example, an attacker could log on to a compromised account and send malicious attachment or link to all contacts in mailing list of the hijacked account. Users should be careful and should use well updated anti-virus software to protect against such attack.
» SPAMfighter News - 14-04-2014