The scam is as old as email clients themselves: The theft of access data by cyber criminals. What industry experts have been warning about for some time can now be backed up with figures. Access data is currently being stolen on a large scale, particularly from Web.de and GMX addresses.
Large data set of Have-I-Been-Pwned discovered
It is an open secret that there are numerous databases circulating on the darknet in which email addresses and matching passwords are offered at sometimes horrendous prices. Criminals then use the stolen data to do more than just play practical jokes. In the worst case, there is the threat of identity theft, which can have serious financial consequences for the person concerned.
Anyone who wants to check whether their own e-mail address has already been the victim of such an attack can visit the Have-I-Been-Pwned website. The operators of the website have now announced that they came across a 104 GB data package in January, which contained a whopping 71 million email addresses. The scary thing about this is the fact that 35% of the addresses were completely new and had not previously come from a data leak.
GMX and Web.de promise cyber security
The method of data theft is sometimes extremely lucrative for skilled cyber criminals. With just a few taps and clicks, the user’s password is determined and access to sensitive services such as PayPal is gained. In no time at all, the PayPal account is empty. It is therefore all the more understandable that uncertainty is growing among users. However, the two providers GMX and Web.de are reassuring their customers. A spokesperson for 1&1, the parent company of both email clients, emphasized cyber security to our colleagues at heise online. In addition, the company emphasized that no increase in attack activity could be detected.
1&1 blames the high number of false log-in attempts on the many data leaks that have recently caused a large number of email addresses to be flooded into the darknet. However, as these were mostly outdated passwords, there were hardly any consequences for users. Similar to the operators of Have-I-Been-Pwned, the operators of the two email clients are also appealing to users’ sense of security. With simple means such as complex passwords and two-factor authentication, a high level of security can already be ensured.