German police finds 18M stolen and misused account logins

Police in northwestern German city of Verden have discovered a collection of 18 million stolen email addresses and corresponding passwords that are being actively used to send out spam, compromise social networks’ accounts and event to occasionally plunder the victims’ banking accounts.

According to a report by Der Spiegel (via Google Translate), the authorities are for now keeping mum on how the trove was discovered, but the publication did some research and believes that this discovery is correlated with a similar one from January, when the German Federal Office for Information Security (BSI) has notified users about the compromise of 16 million online user accounts, most of which belonged to German citizens.

In fact, they believe that the same criminals – possibly from the Baltic states – might have been involved in both cases.

According to the authorities, at least 3 of the total 18 million compromised accounts likely belong to German users, as most were opened with a major German e-mail provider. The rest includes accounts with several international providers.

Affected users will apparently be contacted and informed about it directly, and it’s possible that the BSI will set up a website where users will be able to check whether their accounts have been compromised, as they did in January.

In the previous case, it was ultimately discovered that only 1.6 million of the 16 million accounts on the list were actually affected, but this time it seems that the information is more current, and some of the accounts are actively abused.