Hasso-Plattner-InstitutSDG am HPI
Hasso-Plattner-InstitutDSG am HPI


Press Release

35 Million Pieces of Stolen Identity Data Tracked Down in 2015 by HPI

Potsdam. In special Internet forums, security researchers at Hasso Plattner Institute (HPI) have tracked down nearly 35 million pieces of stolen identity data this year. Cyber criminals had published the data in fifteen cases, thus making it available for possible further illegal activities. HPI director Prof. Christoph Meinel stated that anyone can use the Institute’s “Identity Leak Checker” to check if his or her personal identity data has been affected. By entering an e-mail address at sec.hpi.de/ilc, it is possible to find out immediately, after a comparison has been made, whether the address has been disclosed in connection with other personal data (e.g., passwords or bank account numbers) and subject to misuse for malicious purposes.

“In the meantime, we are able to perform such checks against more than 215 million pieces of data collected from so-called leaks,” said Meinel. At the end of 2014 it was 180 million pieces of collected data. The data collected this year comes from 15 sources, such as Ashley Madison, Skype, Twitter, and Minecraft. But also information is provided from leaks from lesser known sources such as Lizard Stresser, Sprashivai or Impact Mailorder.

“This year there have been many big data thefts. In each case more than one million sets of identity data were stolen and subsequently made public,” the Potsdam Internet security researcher reported. Increasingly, so-called dating portals have been attacked, such as Ashley Madison or Adult FriendFinder, where the hacker sees a high blackmail potential.

The free Hasso Plattner Institute Identity Leak Checker has recorded almost 100,000 visitors in the last twelve months. In almost 13,000 cases, visitors were informed per e-mail that their identity data is freely circulating on the Internet. They were also advised about what kind of response is recommended in the specific case. Since the launch of the service in May 2014, to date approximately 1.7 million visitors have made use of the HPI Identity Leak Checker. Up to now, 160,000 warning messages informing visitors about published identity data have been sent.

“The inquiry is always answered, even if nothing is found. It is, however, impossible to give an absolute guarantee that no personal information has been stolen,” said Meinel — not all stolen data is published. The Institute does not reveal the actual data itself for reasons of security. However, it provides the approximate date that the affected information was made public.

Passwords are the most stolen form of identity data

Based on the statistics of HPI security researchers, passwords are by far the most commonly stolen identity data. In 62 million out of 233 million cases they are even found in plaintext. In order of frequency, follow: first and last names (37 million), telephone numbers (32 million), and—with the highest frequency by far—credit card data (10,200).

Based on the collected data, the analysis made by the Potsdam security researchers showed that the most popular password of Internet users worldwide remains a series of numbers or symbols on the keyboard (e.g., qwerty). First names or other phrases from the dictionary are also popular, such as the word “password”. Globally, the undisputed first place unfortunately still holds the series of numbers 123456, although, as Meinel said, such simple passwords are immediately detected by automatic crackers.

Profile of Hasso Plattner Institute

The Hasso Plattner Institute for Software Systems Engineering GmbH (HPI) at the University of Potsdam is Germany’s university excellence center for IT-Systems Engineering. HPI is the only university institution in Germany offering the Bachelor’s and Master’s degree in “IT-Systems Engineering”—a practical and engineering-oriented alternative to conventional computer science studies. Current enrollment is at approximately 480 students. The HPI School of Design Thinking is Europe’s first innovation school for university students. It is based on the Stanford model of the d.school and offers 240 places annually for a supplementary course of study. There are a total of twelve HPI professors and over 50 guest professors, lecturers and contracted teachers at the Institute. HPI carries out research noted for its high standard of excellence in its ten topic areas. Research work is also conducted at the Potsdam HPI Research School for PhD candidates and at its branches in Cape Town, Haifa and Nanjing. HPI teaching and research focuses on the foundation and application of large-scale, highly complex and distributed IT systems. The development and exploration of user-driven innovations for all sectors of life is an additional area of importance. HPI always earns the highest positions in the CHE university ranking. Since September 2012, HPI has provided an interactive Internet learning platform - openhpi.de. Its free open online courses are available to everyone.das jedem offen steht.