This page is a sub page of the [case file for case DIVD-2025-00019 - Victim Notification Operation Endgame, which contains the general information about this case.
Your email credentials were found in a Botnet in Operation Endgame
If you received a notification email from us with the subject Your stolen email credentials found in Police operation - DIVD-2024-00019 it means that the email address and password(s) mentioned in the email have been found in a botnet by the Dutch police.
What does this mean?
The combination of your email address and password was used by criminals between December 2023 and May 30th 2024. Most likely those criminals used your email address and password to send emails to other (potential) victims, to spread malware or they used your email account to interact with their victims.
How did criminals obtain my email address and password?
We do not know for sure. It is possible that your credentials were compromised in a phishing attack, stolen by malware on your system or bought from other criminals.
What should I do?
We need your help to make sure criminals can no longer abuse the information they have about you.
Here are a few steps you can take:
- If you recognize the password in the email, change it immediately to prevent future abuse.
- If you’re unable to change your password because you are locked out of your account, contact your administrator and ask for a password change as soon as possible.
- Have you used this email address and password elsewhere? Change it immediately. Criminals often try the same username/password combinations on many different services and account
- Never use this combination or email address and password anywhere else again. This email address and password is now noted in databases and traded amongst criminals, which makes them very easy to guess or crack.
- There might still be malware on your computer. Perform a virus scan to check if there is malware and take actions if there is.
- Enable dual or multi factor authentication (MFA). This stops an attack from criminals if they know your password. Implement two-step verification in as many places as possible.
- If this email address is a business email address, you are recommended to reach out to the security department of that organization.
What we emailed you is a masked password. All characters in the password were replaced by an asterisk (*) except the four last characters. For example: password VeryWeakPassword01! is transformed to ***************d01!.
Note that the DIVD does not have access to the unmasked passwords and that we will never (mis)use or spread your information.
More questions?
The main case file contains a Frequently Asked Questions (FAQ) section. If that does not answer your questions, please reply to the email you received or email us at DIVD-2024-00019@csirt.divd.nl.
For more information, see the main case file.