German authorities said Tuesday the digital identities of 16 million online users had been stolen, compromising their email accounts, linked social media and other services.
Cybercrime watchdog the Federal Office for Information Security said it had discovered the mass theft of email addresses and passwords as part of an ongoing wider investigation.
Law enforcement officers and researchers had found the list in so-called botnets, networks of hijacked computers whose users usually don't know their hard drives are infected.
About half of the affected accounts had email addresses with Germany's domain-name ending .de.
The office set up a German-language website to allow Internet users to check whether their accounts are affected, but the service initially collapsed under a high number of requests.
Those affected were advised to clean their computers of malware using anti-virus software and to change their passwords, using complex combinations of letters, numbers and symbols.
Explore further: German companies to automatically encrypt emails (Update)