Use the BSI security test - how it works

The BSI has set up a security test for concerned users: With this you check whether your email address has also been cracked. In April 2014, botnet hackers stole over 18 million email addresses with passwords. Already in January, a similar amount of data came into the hands of the criminals. Here we explain how you can check your email address using the website of the Federal Office for Information Security (BSI).

BSI security test - how to check your email address

• You can find out here whether your email address and the associated password are affected.
• Enter your email address there and agree to the data protection conditions. You will now see a four-digit code. You should make a note of this.
• Then open your e-mails: You will usually receive a message as soon as your e-mail address is affected. Before opening the e-mail, check whether the four-digit code from the step above matches the code in the subject line. Otherwise, the email could be fake and contain malware.
• Update 7.4.2014: Users whose email addresses were stolen in April 2014 will be automatically notified by BSI this time - provided they are accounts of the providers Deutsche Telekom, Freenet, gmx.de, Kabel Deutschland, Vodafone and web.de, You can find details and precise background information in this CHIP News.

How long does the response email for the BSI security test take?

• As a rule, the BSI sends the notification email immediately after you have entered your email address. Ie if you have not received an email after a few minutes, your account should not have been affected by the hack.
• However, according to the BSI, if the mail server is under heavy load, you may only receive the mail after a few hours.
• You can read more about the "waiting time" for BSI mails in the practical tip "No mail from BSI".
• By the way: If in doubt - if the BSI server hangs up during the check - you can have your email address checked again.

Tips for those affected with stolen data

The following things should be considered if you are affected yourself:

1. Change the password of your mail account immediately. All other accounts with this password are also no longer secure. So you should give the accounts a new, secure password. It is best to use a different password for each website.
2. Since the data was probably spread via installed malware, you should check your computer with a current virus scanner.
3. Also check whether your PC is part of a so-called "botnet". This article explains how you can find out and what it is.
4. We give further tips in the article: "BSI test positive - what to do?".

Latest videos

First enter your email address on the BSI website and confirm the data protection declaration.

An individual four-digit code consisting of numbers and letters is displayed on the confirmation page. Be sure to write this down.

If your email address is affected by the botnet hack, you will receive an email from the BSI in your inbox. Before opening the mail, make sure that the code you wrote down is also named as the "identifier" in the subject line - only then will the mail really come from the BSI.