Published on March 18, 2016 09:30 UTC by GovCERT.ch (permalink)
Last updated on March 18, 2016 13:22 UTC
MELANI/GovCERT has been informed about potentially leaked email accounts
that are in danger of being abused. MELANI/GovCERT provides a tool for
checking whether your account might be affected: https://checktool.ch
As we received a lot of feedback via email and Twitter, we decided to
publish a short update with some additional information in the form of a Q&A:
Q: Why did you use Cloudflare?
A: We considered the risk of DDoS attacks to be very high. Cloudflare is
an experienced DDoS mitigation provider. We decided to use a DDoS
mitigation provider not only for the protection of the tool itself but
also for the ISP where our server is located.
Q: Does that mean that the server is located in a US cloud?
A: No, the server with the hashes is located in Switzerland. We just use
Cloudflare's network for DDoS mitigation. The IP address you see when
doing a lookup is the front-end server in the Cloudflare network. This
server does not store any data but passes the requests to our backend.
Q: Who has access to the actual email addresses?
A: No one except us. The email addresses provided to us are not on the server; we
only stored the hashes there. Only hashes are transferred from the
client to the server. If you enter your email address, it is immediately
hashed on the client side and never stored.
Q: Why can't I search for a whole domain or with a wildcard?
A: We did not store email addresses in the system, only hashes. This
makes a wildcard search impossible by design. Apart from that, we have
privacy concerns if anyone could basically look at all email
addresses. If a provider or organization would like to have a search for
a whole domain, we can do that offline. Please provide some proof that
you are really responsible for the domain.
Q: Why did you do this? Why did you not just pass the information to a
site like haveibeenpwned?
A: We were not in a position to pass the raw data to another
Q: For how long did you know about this data?
A: We received the dataset yesterday (18th March) evening.
Q: What else do you have to say?
A: Always use good passwords, choose a different password for every
account, and use two-factor authentication whenever possible.