In a German language blog post on its website, DT said that it examined a sample of 90 records, and found that “at least part” of them are “real and current.” The actual cache is thought to be a lot larger, between 64,000 records and 120,000 records.
The company denied it has been hacked, and suggested the data may have been obtained through phishing attacks.
A DT spokesperson told SCMagazineUK.com that, “we've already informed all the customers of whom we know that their login data is available on the darknet (we received samples). We then informed the broader public via a press release and will now inform all our t-online customers (6 million) directly. We will add some information about what a strong password should look like and why people should change it regularly.”
In the press release, Thomas Kremer, chief privacy officer at DT, hinted at the possibility of a password reuse attack, which leverage passwords that were stolen from a separate breach but have credentials that match other services.
The Deutsche Telekom spokesperson said that, “Deutsche Telekom regularly educates its customers on online safety. We launched an online privacy and security manual: https://www.sicherdigital.de/. Moreover we regularly inform our customers about phishing attacks, hacking attempts and other security issues.”