Telekom stated in an announcement on Monday that customers should immediately change their passwords after finding evidence that the account information for between 64,000 and 120,000 customers was being sold on the black market.
Specifically, the T-Online email addresses and passwords that customers use to log in to their accounts online were being sold by dozens of companies in the “darknet” and the data was “at least partially real and current”, according to the company.
“Regularly changing passwords protects against abuse,” said Telekom data privacy head Thomas Kremer in the statement.
“Now there is another reason to change passwords.”
Telekom has informed police and filed a criminal complaint with public prosecutors over the black market sales and customers affected by the security threat have been notified, but Telekom still urged all users to update their passwords.
The telecommunications giant said that there was no evidence that the company had been hacked, but rather that a perpetrator had used phishing methods to obtain the data, for example by pretending to be Telekom.
Other companies could also have been affected by the scam, Telekom said.
Someone who has a customer's email and password can make orders or contract changes online.