This page is a sub page of the case file for case DIVD-2025-00019 - Victim Notification Operation Endgame, which contains the general information about this case.
Some credentials of your were found in a Botnet in Operation Endgame
If you received a notification from us with the subject Your stolen credentials found in Police operation - DIVD-2024-00019 it means that one or more email address and password combinations of unknown origin were found in a Botnet by the Dutch police.
While we don’t know what these passwords belong to, we do know that they have been used by criminals between December 2023 and May 30th 2024.
What does this mean?
What we know for sure is that the combination of your email address and passwords were used by criminals operating a botnet between December 2024 and May 30th 2025. We do not know what systems these credentials belong to or how the criminals obtained them. It could be that these credentials were obtained in a phishing attack, or stolen from your system with malware, but it can also be that these criminals bought a database with credentials from a malicious, third party.
What should I do?
We need your help to make sure criminals can no longer abuse the information they have about you.
Here are a few steps you can take:
- If you recognize the password, change it immediately to prevent future abuse.
- If you’re unable to change your password because you are locked out of your account, contact your administrator and ask for a password change as soon as possible.
- Have you used this email address and password elsewhere? Change it immediately. Criminals often try the same username/password combinations on many different services and account
- Never use this combination of email address and password anywhere else again. This email address and password is now noted in databases and traded amongst criminals, which makes them very easy to guess or crack.
- There might still be malware on your computer. Perform a virus scan to check if there is malware and take actions if there is.
- Enable dual or multi factor authentication (MFA). This stops an attack from criminals if they know your password. implement two-step verification in as many places as possible.
- If this email address is a business email address, you are recommended to reach out to the security department of that organization.
Mind you, what we emailed you is a masked password. All characters in the password were replaced by an asterisk (*) except the four last characters. So e.g. the password VeryWeakPassword01! would have been transformed to ***************d01!.
More questions?
The (main case file)[/DIVD-2024-00019) contains a Frequently Asked Questions (FAQ) section. If that does not answer your questions, please reply to the email you received or email us at DIVD-2024-00019@csirt.divd.nl.
For more information, see the main case file.