Germany is creating a website to alert the owners of 18 million email passwords stolen worldwide, an Interior Ministry spokesman says.
The list of breached mail accounts was seized last week from a hacker and are believed to be the biggest ever found in Germany. They had apparently already been used to spread spam emails, and police say the passwords were used to assemble a so-called botnet.
Only about 3 million of the compromised mail accounts are German based, with .de domain suffixes. The rest had endings for other countries, including the most common international suffix .com.
German email providers are to directly warn customers whose accounts have been breached, said Harald Neymanns, an Interior Ministry spokesman, on Friday. He said prosecutors uncovered the list on March 27.
Germany's Federal Office for Information Security (BSI), an anti-hacker agency, launched a German-language-only website in January where email users could check if their addresses had been compromised in a previous theft of 16 million passwords.
"The prosecutors asked the BSI that the people be informed," Neymanns said.
"A procedure is being prepared similar to what happened in the previous identity-theft case."
He said the agency's procedure would have to obey privacy rules and the server to be used would need load-testing before it went live "so that it can cope with the likely traffic".
Separately, BSI said it was working "urgently" on a solution. Its server was nearly overwhelmed in January as millions of email users tried to discover if they were victims.
The Spiegel Online news website said it has suspected the same group of hackers were responsible for both the January theft and the new case. In January it was suggested the hackers were based in a Baltic state.