Advertisement

BSI knew about huge data theft weeks ago

AFP/DPA/The Local
AFP/DPA/The Local - [email protected]
BSI knew about huge data theft weeks ago
DPA

German authorities knew about the theft of the digital identities of 16 million internet users in December, but kept it quiet as they claim they needed time to make "necessary preparations", it emerged on Wednesday.

Advertisement

Millions of accounts containing passwords and email addresses were hacked by an unknown group, the Federal Office for Online Security (BSI) said on Tuesday. 

But BSI President Michael Hange told Bayerischer Rundfunk radio victims were only now being told because authorities had needed time to make preparations.

That included setting up a website where people can check whether their details were among those stolen. The site, which went live on Tuesday, quickly crashed as 300,000 internet users attempted to see if their email addresses were among the ones hacked.

"We needed time to set up a process in line with data protection regulations and we also worked together with a provider," Hange said.  

BSI said it had handled around 12. 6 million online queries and informed 884,000 affected users in Germany by Wednesday.

Justice Minister Heiko Maas, who is also responsible for consumer protection, has described the scale of the hack as "incomprehensible."

However he steered clear of laying blame on authorities for not making the hacking public sooner, stating he was "not familiar with such processes."

But he added: "If a tip is received and there is even a small chance that it's to be taken seriously, that must be communicated quickly."

"It's not just a case of computers being infected but about the theft of entire digital identities," Hange told the Tagesspiegel newspaper.

And Interior Minister Thomas de Mazière praised the BSI's "well-prepared operation".

The BSI said the theft had was discovered by criminal investigators but declined to say how or which authority had conducted the probe.

CLICK HERE for The Local's Technology section

If the site does match the users email address as one of the 16 million stolen, then the BSI said the users computer was likely infected with malicious software.

Half of the accounts ended in .de meaning they were German-based, Tim Griese from Frankfurt-based BSI said on Tuesday.

Affected users are being warned to change all of their associated passwords, including those used to access social networks and for shopping online.

"In principle every form of abuse of data is possible," Thilo Weichert, Schleswig-Holstein state data protection officer,  told the Berliner Zeitung. "We need to take this very seriously."

READ MORE: Hackers access 16 million email accounts

More

Join the conversation in our comments section below. Share your own views and experience and if you have a question or suggestion for our journalists then email us at [email protected].
Please keep comments civil, constructive and on topic – and make sure to read our terms of use before getting involved.

Please log in to leave a comment.

See Also