The Federal Office for Information Security (BS) says the botnet is still in operation.
The email addresses and passwords of about 18 million internet users were leaked in what is said to be one of the largest data breaches in Germany.
The Federal Office for Security in Information Technology (BSI) has been reportedly working with email service providers including Deutsche Telekom, GMX, and Vodafone to notify the affected three million users in Germany.
Citing a statement from BSI, ZDNet noted that the botnet is still in operation and the stolen identities have been actively exploited.
The new case comes not too long after another report of the widespread theft of email credentials involving the loss of about 16 million e-mail credentials.
As users cannot be notified directly, they are advised to sign in to a special ‘safety test’ website, and enter their email credentials to confirm if their identity has been compromised.
However, Germany is working on its own internet after alleged NSA snooping on German Chancellor Angela Merkel’s cell phone.