ALERT: 18 Million Email Accounts Compromised

On April 3rd, 2014, authorities in Verden, Germany discovered a massive hacking operation leveraging 18 million email accounts and accompanying passwords for financial gain.

Compromised accounts were being used in botnet spam campaigns. In cases where users had reused passwords on other websites, identity theft and fraudulent eCommerce were also likely to have occurred.

Authorities warn that although the discovered operation has been taken down, compromised credentials are most likely still circulating and in active use. Initial estimates state that roughly 3 million accounts use the German .de country-code domain, while the remaining 15 million accounts belong to users around the world.

Threat Mitigation

Verden authorities have reported their findings to the German Federal Office for Information Security, otherwise known as the BSI. The BSI has yet to release an official statement; however, it is likely that they will set up a German-language website where users can check whether their account has been compromised. This is exactly what was done in January 2014, when Verden authorities discovered a similar operation affecting 16 million accounts. Interestingly enough, a report from Spiegel Magazine (German language) indicates that the two events may indeed be connected.

For immediate protection, Emsisoft recommends that users change email passwords as soon as possible. If you have reused email passwords at other websites, you should change those too and ensure that you do not reuse your passwords between sites again. The strongest passwords are unique and utilize at least 16 alphanumeric characters or punctuation marks.

Although reports have not stated whether this attack was used to spread malware, this is always a possibility as well. An attacker could, for example, log on to a compromised account and send a malicious attachment or link to every contact in that account’s mailing list. For comprehensive protection against an attack of this nature, users should combine skepticism with well-designed anti-malware software.

Have a Great (Identity-Theft-Free) Day!

UPDATE:

Good news – The BSI has created a place for users to check if their email has been affected by the breach: https://www.sicherheitstest.bsi.de/

This is the same site that was used when the 16 million account hack was revealed in January.

 

  • Legend

    It’s most concerning that, over the last couple of years, we have seen an increase in dedicated, coordinated spear attacks/phishing against major corporations such as Sony, Adobe, etc. Those big corporations are increasingly a magnet for attacks because of the huge amount of user information that is, or can be, sold to the highest bidder. More and more user information is somewhat out of our hands, and we truly are reliant on that firm’s security strategy and policy. I would only hope that if a firm that I trust is compromised, then in that case time is of importance, and I hope that they will, without delay, send information to all their users on how to handle the situation. Maybe they should have a clear and public policy regarding that issue. But no, instead they have a clear policy on tracking cookies LOL.