German federal security officials have admitted they knew several weeks ago that internet hackers had stolen 16 million email passwords.
The Federal Office for Information Security (BSI) only alerted the public this week.
BSI president Michael Hange defended the time lag in issuing the public alert, saying the office had needed time to set up a website where online users could securely check whether they had fallen victim to the theft.
“Setting up a process that complies with data protection laws and can handle such a large number of requests needs preparation time,” Hange told public broadcaster Bayerischer Rundfunk.
The BSI website reassuring worried internet users stopped working, but it is now back online.
Cyber criminals stole details which could compromise social media, shopping and other online services.
Computer scientist Dirk Reimers has this advice for users: “It’s really not a good idea to use the same password for different sites,” he said.
“There’s always a chance that a hacker can gaining access and then he’d be able to access more than one of your services,” Reimers added.
Those affected have been advised to clean their computers using anti-virus software and to change their passwords, using complex combinations of letters, numbers and symbols.
About half of the affected accounts had email addresses with Germany’s domain-name ending .de
Many others were from other EU states, suggesting an international network was behind the spectacular data theft.