18 million international email passwords pocketed in Germany

The logins apparently already had been used to spread spam, as well as assemble a so-called botnet that hijacks victims’ computers to perform operations at the hacker’s will.

Only about 3 million of the compromised mail accounts are based in Germany, with “.de” domain suffixes. The rest have endings for other countries, including the most widely used suffix, “.com.”

The list of breached mail accounts was seized from a hacker and is believed to be the biggest credential theft ever found in Germany.

German email providers will directly warn customers whose accounts have been breached, Harald Neymanns, a Germany Interior Ministry spokesman, said on 4/4/2014.

Germany's Federal Office for Information Security launched a German-language-only website in January 2014 where email users can check if their addresses were compromised during a previous theft of 16 million passwords.

Spiegel Online reports the same group of hackers allegedly is responsible for both the January theft and the new case. The hackers are believed to be based in a Baltic state.

ThreatWatch is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves.