A system or account is infiltrated. This is done using passwords that were lost during a previous data leak.
There are countless lists of leaked login and password combinations circulating online. Attackers use these in automated attacks on online services in the hope that people have reused the same password on multiple sites. If you suspect a hacker has gained access to your passwords, immediately block any accounts using those passwords.
Specific measures
- Close any accounts that you suspect have been compromised.
- Check the logs for possible attacks or attempted attacks.
- If accounts have been hacked, the NCSC recommends filing a police report. You can find your nearest police station on the Suisse ePolice website (available in German, French and Italian).

Preventive measures
- You should always enable two-factor authentication (2FA) for services that offer it. This will increase the security of your data considerably.
- For VPNs and other internet-accessible services, limit authorised IP addresses to the bare minimum (e.g. using geofencing or whitelisting).
- Set up a rule to block accounts / IP addresses after several failed login attempts.
- Implement a process to detect suspicious logins in the logs and trigger an alert.
- Raise awareness of this issue among your staff. In particular, passwords should never be reused across multiple online services, including personal accounts.

How the NCSC can help
Your report via the online form helps the NCSC identify trends. This makes it possible for the NCSC to raise public awareness in a targeted way.
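
The preventive measures on blocking after several failed logins and on detecting suspicious logins in the logs can be combined in one pass over an authentication log. The following is an added example, not NCSC code; the log format, thresholds and names are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log: "<ISO time> <source IP> <account> <OK|FAIL>"
SAMPLE_LOG = """\
2025-01-01T10:00:00 203.0.113.7 alice FAIL
2025-01-01T10:00:02 203.0.113.7 bob FAIL
2025-01-01T10:00:03 198.51.100.20 grace FAIL
2025-01-01T10:00:04 203.0.113.7 carol FAIL
2025-01-01T10:00:06 203.0.113.7 dave OK
2025-01-01T10:00:08 203.0.113.7 erin FAIL
2025-01-01T10:00:09 198.51.100.20 grace FAIL
2025-01-01T10:00:10 203.0.113.7 frank FAIL
2025-01-01T10:00:15 198.51.100.20 grace OK
"""

# Assumed thresholds; tune them to your own baseline.
WINDOW = timedelta(minutes=5)   # sliding window per source IP
MAX_FAILS = 5                   # failed logins before the IP is blocked
MANY_ACCOUNTS = 4               # distinct accounts that suggest a leaked list
SPRAY_ACCOUNTS = 2              # other failed accounts before a success is suspicious

def analyse(log_text, window=WINDOW):
    """Return (blocked_ips, alerts); alerts are (ip, kind, detail) tuples."""
    recent = defaultdict(deque)   # ip -> (time, account) of recent failures
    blocked, alerts = set(), []
    for line in log_text.strip().splitlines():
        ts, ip, account, result = line.split()
        now = datetime.fromisoformat(ts)
        fails = recent[ip]
        while fails and now - fails[0][0] > window:   # drop expired failures
            fails.popleft()
        if result == "FAIL":
            fails.append((now, account))
            tried = {a for _, a in fails}
            if len(fails) >= MAX_FAILS and ip not in blocked:
                blocked.add(ip)
                kind = "many-accounts" if len(tried) >= MANY_ACCOUNTS else "single-account"
                alerts.append((ip, kind, f"{len(tried)} accounts"))
        else:
            # A success right after failures on other accounts: the password
            # for this account was probably valid, so review or lock it.
            others = {a for _, a in fails} - {account}
            if len(others) >= SPRAY_ACCOUNTS:
                alerts.append((ip, "success-after-failures", account))
    return blocked, alerts

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

The user who mistypes their own password twice (grace) raises no alert, while the successful login for dave is flagged as an account to close or reset. Per-IP counting only sees attempts that fall inside the window, so the same counts should also be kept per account.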
Last modification 09.10.2025