Germany IT watchdog knew for weeks of mass cyber theft

Jan 22, 2014
Germany's cyber crime watchdog said it learnt last month of the mass theft of 16 million digital identities through a criminal probe but needed weeks before alerting the public

Germany's cyber crime watchdog said Wednesday it learnt last month of the mass theft of 16 million digital identities through a criminal probe but needed weeks before alerting the public.

The website of the Federal Office for Information Security (BSI) had buckled Tuesday under an onslaught of requests by millions of worried online soon after the warning was issued.

By Wednesday morning, with the site working again, the BSI said it had handled over 12 million online queries and informed 884,000 affected users, reported national news agency DPA.

Cyber criminals stole email addresses and matching passwords, which could also compromise linked social media, shopping and other online services, said the office.

The mass theft was uncovered in a probe by criminal investigators and researchers of so-called botnets, networks of hijacked computers whose users are usually unaware their infected "zombie computers" are themselves sending out spam and malware.

"The data was discovered by criminal investigators," a BSI spokesman told AFP, saying the theft was "of exceptional magnitude", but without specifying which judicial authority had conducted the probe.

BSI president Michael Hange defended the time lag in issuing the public alert, saying the office had needed time to set up a website where online users could securely check whether they had fallen victim to the theft.

"Setting up a process that complies with data protection laws and can handle such a large number of requests needs preparation time," Hange told public broadcaster Bayerischer Rundfunk.

Interior Minister Thomas de Maiziere praised the BSI's "well-prepared operation", saying the mass theft showed the extent of the cyber threat and that the state had a duty to ensure online security.

Those affected have been advised to clean their computers using anti-virus software and to change their passwords, using complex combinations of letters, numbers and symbols.

About half of the affected accounts had email addresses with Germany's domain-name ending .de, while many others were from other EU states, suggesting an international network was behind the spectacular data theft, Hange told DPA.

The BSI's German-language website sicherheitstest.bsi.de allows Internet users to check whether their accounts are affected by entering their and then checking an email reply from the office, marked with a unique security code.

Explore further: Germany says 16 mn email accounts compromised

add to favorites email to friend print save as pdf

Related Stories

Germany says 16 mn email accounts compromised

Jan 21, 2014

German authorities said Tuesday the digital identities of 16 million online users had been stolen, compromising their email accounts, linked social media and other services.

Apple girding gadgets against hackers

Jul 08, 2011

Apple on Friday said it was working to patch a vulnerability that hackers could use to break into the company's popular iPad, iPhone and iPod Touch gadgets.

Neiman Marcus is latest victim of security breach

Jan 12, 2014

Luxury merchant Neiman Marcus confirmed Saturday that thieves stole some of its customers' payment card information and made unauthorized charges over the holiday season, becoming the second retailer in recent ...

Large-scale data theft fazes Finnish police

Nov 14, 2011

Finnish police on Monday called on users of online services to change their passwords after nearly 15,000 user names and passwords were stolen and published on the Internet.

Recommended for you

What's causing the recent string of data breaches?

16 hours ago

It's Cyber Security Awareness month, which has me wondering: are we doing all we can to protect our data? To help answer this question, I sat down with Girish Bhat of Wave Systems—an important collaborator of Micron's—to ...

Court: UK spies get bulk access to NSA data

Oct 29, 2014

The British government's insistence that its spies don't use the vast espionage powers of the U.S. National Security Agency to sidestep U.K. restrictions on domestic eavesdropping was called into question by a court document ...

Georgia Tech releases 2015 Emerging Cyber Threats Report

Oct 29, 2014

In its latest Emerging Cyber Threats Report, Georgia Tech warns about loss of privacy; abuse of trust between users and machines; attacks against the mobile ecosystem; rogue insiders; and the increasing involvement of cyberspac ...

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.