

German officials confirm 18 million emails and passwords stolen - icholboy
http://www.dw.de/german-officials-confirm-18-million-emails-and-passwords-stolen/a-17542815

======
sentenza
You non-Germans don't know how mind-bogglingly insane this whole story is.
There is a governmental agency, the BSI, whose job is to be on top of
everything regarding security in information systems.

They tell us that millions of email accounts are compromised.

What they don't tell us is _which_ accounts are compromised or even what
service provider these accounts are with. Maybe the key information here is
that the info was leaked in a database hack at a big consumer software
company.

Who knows?

Nobody! That's who. Because they refuse to give any details that would
actually be useful to end-users. Now _everybody_ who has an email account is
scared that their account is compromised.

Do you know what the punchline here is?

They said they would give more details, but not before Monday. It might not be
obvious to non-Germans, but this little detail reeks of a kind of bureaucratic
weirdness that is as German as Beer: I bet they will only release more info on
Monday because the person in charge doesn't come into the office before
Monday.

Sorry if this was a bit ranty, but the whole thing is just so stupid.

~~~
eik3_de
I saw a news show on ZDF yesterday and they actually recommended using an
email provider that has 2 factor auth with "some code on your mobile". I guess
no non-geek understood it but I was still shocked. Usually they just say you
should have different passwords for different sites.

~~~
viraptor
Germany is quite good it seems. I don't really understand where it comes from,
but the last time I randomly turned on the TV in Berlin, there was an
educational program about PGP. At around 20:30, on a standard TV channel, one
of the first ones on the list at the hotel, so it wasn't something obscure
either. It seemed to describe the whole idea of asymmetric encryption too
(inferred from the animated presentation).

I was really impressed.

~~~
raverbashing
Well, the part of the population that cares about information security is very
well informed.

But the rest seems to live in a luddite world. If you had watched TV more you
would have seen that there are a lot of ads for: web games, PayPal and other
websites trying to drag the average consumer into, you know, using the stuff.

Paying with a Debit Card is rare in Berlin, Credit Cards are barely
non-existent (but they have some other ways of paying for stuff online and in
stores).

Security of bank accounts is usually done through a list of one-use code
numbers (still, they - and several other countries - have payee initiated
money transfers between accounts/banks, something that is rare in US/Canada).

------
3rd3
I wonder why internet companies don’t have contingency plans in place for data
theft. I would be glad to be able to check whether my account is affected and
to receive an email with instructions immediately. Instead it’s always a big
surprise and it takes weeks until details are published…

~~~
jimktrains2
I wonder why internet companies don't just do the right thing and use good
hashes (or better methods like SRP, but that requires client updates) so that
none of this would even matter.

~~~
mildtrepidation
Because they don't start out with well-designed systems (that costs money),
and they don't want to upgrade their systems to be good (that costs money).

It's very simple, but it's only obvious after you've seen it happen too many
times.

------
ChrisArchitect
Is there an alternative source for this story like from Spiegel or something
other than dw.de?

~~~
aw3c2
For what it's worth, DW is Germany's "International public broadcaster" so it
is a reputable news source.

If you want it on SPON ("blood, tits and murica"), here you go:
[http://www.spiegel.de/netzwelt/netzpolitik/e-mail-passwoerte...](http://www.spiegel.de/netzwelt/netzpolitik/e-mail-passwoerter-gestohlen-18-millionen-datensaetze-a-962419.html)

------
icholboy
Sorry, I meant to submit the new data theft in Germany which happens only 3
months after the one posted:

[http://www.dw.de/german-officials-confirm-18-million-emails-...](http://www.dw.de/german-officials-confirm-18-million-emails-and-passwords-stolen/a-17542815)

