Emsisoft Security Warning: 16 Million Email Accounts hacked by botnet


On January 21, 2014 the German Federal Office for Information Security (BSI) announced a data breach affecting 16 million Internet users.  The information stolen is a massive collection of email addresses used as usernames and their respective passwords.

As yet, it is unclear what these log-in credentials provide access to, however it is known that about half of the email addresses stolen are linked to German domains.  A large portion are also connected to French hosts.

The data breach surfaced while the BSI was conducting research on botnets throughout Germany. To date, the identities of those behind the attack has not been publicly confirmed. What is known is that the stolen credentials could provide identity thieves access to any number of user accounts, including social networking sites, Amazon, or even online banking.

BSI spokesman, Tim Griese, therefore recommends that anyone who thinks they may have been affected by the breach change all of their passwords immediately and scan their computer for malware.  He didn’t say anything about Emsisoft, but the good news is that we can help you with both.

To find out if your email address has been compromised, you can submit it to this website and the German Federal Office for Information Security will check if it is among the 16 million on its list.  In the meantime, we recommend that you change your password just for good measure by following one of the methods discussed in our recent blog post on password security.

As for Griese’s recommendation to check your computer for malware, anyone running Emsisoft already has.  In fact, if you’re running Emsisoft the odds are about 99.9% that your computer wasn’t infected by this botnet in the first place.  Attacks like these happen more often than you would think, and so we’ve designed our software to operate unobtrusively in the background of your computer and prevent such attacks before they can occur. As for that other .1%, well, maybe it’s time you changed that password to something a little more effective than 123456.

  • barb boggs

    Hi, I entered my email address at the link provided however


    is a German web site. Although I was able to translate on a web page I don’t completely understand their response.

    “Thank you – your input is now checked. If your email address should be
    in the Botnet data, receive one of us by PGP signed email with the
    following code in the reference:nnReference code: xxxxnnPlease
    notice this code and open you the answer mail then only if exactly this
    code is indicated in the reference.nnIf the entered email address
    should not be concerned, do not receive email.”

    Are they saying if I do receive email from them with this code that my email address is secure or not?


    • emsisoft_steve

      Hi Barb,

      I’ve spoken with a German team member at Emsisoft who
      also submitted his email to the website. He said that the original
      German response was that if you receive an email with the code, your
      account has been compromised. Otherwise there would be no further

      Hope this helps. Sometimes things get lost in translation.

      • barb boggs

        Thanks, Steve. Yes that clarifies it. Appreciate you taking the time to run this down :D

        • emsisoft_steve

          You’re welcome. Glad I could help.

  • Pingback: Emsisoft Explains the Syrian Electronic Army - AhelioTech()

  • Pingback: Trackback()

  • Pingback: Trackback()

  • Pingback: ALERT: 18 Million Email Accounts Compromised | Emsisoft Blog()

  • Pingback: Michaels Arts & Crafts Confirms Data Breach - AhelioTech()