Image: PeopleImages / Shutterstock.com
The figure is alarming: 18.6 million compromised online accounts in Germany alone in 2025. According to an analysis by security company Surfshark, 425.7 million accounts were hacked worldwide. A new record high. Chip.de reports on the case.
This puts Germany in fourth place among the most affected countries—behind the US (142.9 million), France (40.3 million), and India (28.9 million). The situation becomes even more alarming when population figures are taken into account. In per capita terms, Germany and France in particular fare even worse.
Why does it affect so many people – and so quickly?
Anyone who imagines hackers as lone wolves working in dark basements is usually wrong. The majority of attacks are automated. Criminals use programs that access data millions of times over.
So-called infostealer malware is particularly widespread. These malicious programs secretly read stored access data on computers or smartphones—from email accounts to online shops. Equally effective are deceptively genuine phishing websites. They look like the login portal of a bank or streaming service—and collect passwords in the background.
The insidious thing about this is that many of those affected do not notice anything for a long time. Their data is already circulating on the internet, while they still believe that everything is secure.
France shocks with record figures
It comes as no surprise that the US leads in absolute terms. But France is causing some concern. There are 605 data leaks per 1,000 accounts there, compared to 413 in the US. That is many times the global average.
The reason for this is not only a lack of investment in IT security. France experienced several massive incidents that affected entire population groups. Particularly drastic was the case of the state employment agency France Travail, which fell victim to data leaks seven times in 2025. In 2024, the complete data records of 43 million people were lost – almost the entire working population of the country.
Such major incidents massively distort the statistics—and show how vulnerable central databases are.
Germany's problem: saving in the wrong place?
Germany also performs poorly. 18.6 million compromised accounts are no longer a marginal phenomenon. Experts attribute this to years of underinvestment in IT structures, among other things. Outdated systems, lack of security updates, and staff shortages create gateways for attackers.
One thing is clear: cyberattacks are not a minor technical issue. They affect consumers, businesses, and public authorities alike. Stolen access data can lead to identity theft, financial losses, or blackmail.
What those affected should do now
In any case, regularly check your email addresses using services such as "Have I Been Pwned." There you can find out whether your personal data has ever appeared in known leaks.
In addition, use strong, unique passwords, enable two-factor authentication, and always keep your software up to date. Anyone who uses the same login for multiple services is playing right into the hands of hackers.
The bare figures show one thing above all: digital security has long been a question of infrastructure—not just individual caution.
We see this as a structural failure. When states and public institutions lose millions of data records, it is not enough to simply urge users to be more disciplined with their passwords. Those who collect data bear responsibility. And those who cut corners on IT security are cutting corners in the wrong place—namely, on the trust of citizens.
Sources: chip.de, surfshark.com
