Email providers and German authorities are rushing to inform the victims of the latest mass-theft of email passwords and data. The government said that, so far, the accounts were mainly being used to send spam mails.
Germany's BSI, the Federal Office for Information Security, said on Monday that major email providers active in Germany had begun letting their users know if they had been hit by the latest mass-theft of email account information.
Deutsche Telekom, Freenet, gmx.de, Kabel Deutschland, Vodafone and web.de had started telling their users directly, the BSI said. In the last such instance of mass email data theft, this past January, the mass of traffic to the government's Internet safety site caused the service to repeatedly crash. The agency set up a special service for people concerned that they might be affected. They can enter their email data on the site, and will then receive a response from the BSI if their account is compromised.
The BSI said on Monday that it was certain 3 million of the 18 million email accounts belonged to Germans, but that the total figure could be higher. The government agency said that from what it could currently ascertain, the accounts were being used primarily to send out "spam" emails - but it warned that other uses like conducting fraudulent online shopping were not out of the question.
"Such cases are extraordinary when in these dimensions," BSI President Michael Hange said at a Bonn press conference on Monday. Hange also warned Germans whose accounts were not compromised to watch their inboxes with care, recommending "a healthy mistrust of unknown email senders."
"Think first, then click," Hange concluded.
Authorities in Verden, the site of a major German center combating cyber-crime, uncovered the stolen data and submitted their findings to the BSI on March 17 - the information became public knowledge on Thursday.
The BSI also on Monday reminded people to continually protect themselves from such attacks, advising regular updates of anti-virus software and regular changes to email passwords.
msh/kms (AFP, dpa, Reuters)