German authorities have announced that they have discovered a list of 18 million email addresses and passwords that have been stolen in the countries latest major data breach. This is Germany’s largest data theft known to date. It also follows a similar case that saw authorities uncover a trove of 16 million stolen email addresses and credentials in January.
The compromised accounts are reportedly being used for criminal purposes such as to spread spam emails, and authorities say that the passwords were used to assemble a botnet. The BSI also stated on Monday that of the 18 million email accounts, 3 million compromised accounts are German based, with .de domain suffixes. The rest are international, with endings for other countries, including the most common suffix .com.
The Federal Office of Information Security (BSI) released a statement saying they were working on informing victims that their accounts have been compromised. The BSI has been working with various email providers, such as Deutsche Telekom, Freenet, gmx.de, Kabel Deutschland, Vodafone and web.de to inform users that may have been affected. Harald Neymanns, an Interior Ministry spokesman said 'A procedure is being prepared similar to what happened in the previous identity-theft case.'
The previous case Naymanns refers to is the January data breach where 16 million email addresses were stolen. The BSI launched a service for people to check if their accounts had been compromised. The service asked users to enter their email data and they would be alerted by the BSI if their account had been effected and would then offer advice on what actions to take.
However, the site was not prepared for the volumes of traffic that it had received and caused the service to crash repeatedly. The BSI said that the server to be used for this breach would need load-testing before going live so it can handle the vast amounts traffic likely to visit the site.
Until the service is set up and concerned account holders can get a straight answer to whether their accounts have been affected. For those that are worried that they have been affected or are victims of the breach, it is strongly advised that computers are digitally cleaned with anti-virus programmes and all passwords used for online services are changed. Account holders should also be vigilant when opening and clicking email content as they could be spam.
The key advice here is to change passwords for all online services. However, before taking on this task it is imperative that you stop using weak passwords and stop using the same password on multiple sites. Employing the use of a password manager, like my1login will not only help you implement strong complex passwords for all online accounts, those passwords can easily be changed if a specific account is hacked. It also removes the hassle of having to remember individual logins.
my1login allows you to use one super strong and unique password that grants you access to all of your account, without having to remember the individual logins. Therefore, you can create strong complex passwords for all your accounts, for example a typical password for your gmail account could be “$~dY>zD9n_+J]SkMZoPlZhBZ3″ and a typical password for your Facebook account could be “DCTt8B-4J#F$Hxssv7}3k)oax”. The length and entropy of these passwords make them extremely strong, and using different passwords for all your accounts means that should any remote site be compromised no other account of yours would be compromised.
Using my1login also eliminates the need to rely on insecure practices such as writing passwords down or storing them in documents, spreadsheets or even on your phone. Passwords can also be securely shared using my1login meaning you’ll never need to email a password, or need to select a weak password because it’s simply easier to convey?
If you’d like to see how my1login can improve your online security and help protect you against hacks, try out the my1login password manager for free, or leave your email address and we’ll send you an information pack.