Thousands of GMX accounts compromised to send spam
The cyber attack on users of GMX, a German web services provider, which was discovered on Wednesday, is potentially huge, with the company telling The H's associates at heise Security that the spammers have been able to sign in to more than 300,000 accounts. GMXnow believes that the attackers have an extensive list of email addresses with passwords. The original theory, that the accounts were cracked with brute force attacks, has not been backed up by the evidence.
The email provider, which belongs to United Internet, believes that the information was not taken from its own servers, but rather from somewhere else, although the list's origin remains unknown. GMX had originally claimed that it had registered 300,000 successful logins and about twice as many attempts with incorrect passwords. In a statement to heise Security the company later corrected this number to 3,000 logins that could be traced back as having all come from a well-known botnet. These accounts have now been temporarily disabled.
GMX has stated that the attackers have been found to be using logins that definitely belong to other providers. This suggests that the attackers took the login data from another source and are now finding out which users have the same password for their GMX accounts. According to GMX, the list was checked in alphabetical order using the webmail interface for smartphones. Only logins with email addresses that are actually from GMX were tested.
If a user's account has been used to send spam, after logging into the browser interface they will be asked to change their password. Since the unknown spammers most likely still have a long list of accounts, all other GMX users should also change their passwords, especially if they use the same password for GMX and other online services.