This page is a sub page of the case file for case DIVD-2025-00018 - Victim Notification Operation Endgame 2.0, which contains the general information about this case.
Some of your credentials were found in Operation Endgame 2.0 and have been stolen by the Latrodectus botnet
If you received a notification from us with the subject [URGENT] Operation Endgame - Compromised credentials found for this email address - Ref:Latrodectus1/2025-00018 it means that one or more email address and password combinations of you were found to be stolen by the Latrodectus Botnet by the Dutch police.
The email contains exact details about which credentials were harvested.
What does this mean?
The credentials in the email were stolen from the password managers built into browsers by criminals operating the Latrodectus Botnet and have been discovered by the Dutch Police somewhere before the 23 May 2025. The criminals either intended to sell these credentials to other criminals or to abuse these accounts to make more victims.
What should I do?
We need your help to make sure criminals can no longer abuse the information they have about you.
Here are a few steps you can take:
- If you recognize the password, change it immediately to prevent future abuse.
- If you’re unable to change your password because you are locked out of your account, contact your administrator and ask for a password change as soon as possible.
- Have you used this email address and password elsewhere? Change it immediately. Criminals often try the same username/password combinations on many different services and accounts.
- Never use this combination of email address and password anywhere else again. This email address and password is now noted in databases and traded amongst criminals, which makes them very easy to guess or crack.
- There might still be malware on your computer. Perform a virus scan to check if there is malware and take actions if there is.
- Enable dual or multi factor authentication (MFA). This stops an attack from criminals if they know your password. implement two-step verification in as many places as possible.
- If this email address is a business email address, you are recommended to reach out to the security department of that organization.
Mind you, what we emailed you is a masked password. All characters in the password were replaced by an asterisk (*) except the four last characters. So e.g. the password VeryWeakPassword01! would have been transformed to ***************d01!.
More questions?
The (main case file)[/DIVD-2025-00018) contains a Frequently Asked Questions (FAQ) section. If that does not answer your questions, please reply to the email you received or email us at DIVD-2025-00018@csirt.divd.nl.
For more information, see the main case file.