“We see a new data leak every second,” says Professor Michael Meier, Head of the IT Security Working Group. “We provide the Leak Checker as a service, enabling users to proactively find out whether they have been compromised.” Of particular concern is how in many leaks the complete login credentials have been stolen, allowing criminals to take over a spectrum of online accounts including social media, email and with e-commerce merchants.
From research project to permanent offering
The Leak Checker was the fruit of an EIDI research project funded by the Federal Ministry of Education and Research titled “Effective Information after Digital Identity Theft.” In this project, Bonn-based security informatics specialists analyzed billions of leaked identity data sets in an effort to then devise methods capable of protecting consumers from account takeovers. The Leak Checker allows users to find out if they have been victimized so they can take appropriate protective measures, such as changing their password.
Interest was so great that the University decided to establish it as a permanent service offering. The start-up Identeco was formed with the help of the University of Bonn’s enaCom Transfer Center to operate the Leak Checker in cooperation with the University. Identeco helps businesses identify potential data leaks, among other services.
Strong demand reflects growing need
The figures show how relevant the service is, with over 1.6 million info requests received since launch—sometimes more than 10,000 per day. Usage surged to over 770,000 info requests in 2025. The search database now contains over 58 billion leaked data records, and this figure is rising sharply all the time.
Professor Meier explains: “The demand clearly indicates that people have a great need for this kind of information. And we see the Leak Checker as our University’s contribution toward digital literacy.” The team takes many support requests every week via email and phone, and recommends that users regularly take advantage of the Leak Checker. “The black market for stolen identities is growing all the time,” says Identeco Managing Director Dr. Matthias Wübbeling, who is Akademischer Oberrat (senior lecturer with civil servant status) at the Institute of Computer Science 4. “We find over 300 million new data records every month, all across the internet.”
Password security research to continue
The project funding period has ended but research on this very hot topic continues at the IT Security Working Group, as over 50 theses have been concerned with account takeovers and identity data leaking in recent years. In a comprehensive study of consumer password usage behavior conducted in collaboration with Identeco using database data from 2025, passwords referenceable to consumers via free email providers popular in Germany like gmx.de and web.de were analyzed. The study also looked specifically at passwords referenceable to users of clubs in the first and second Bundesliga football leagues and at major German universities.
In addition to frequent password reusage it was observed that the passwords used often refer to or involve the names of regional clubs and institutions, including city names like “Bonn”, “Frankfurt” and “Munich” and club names like “Borussia" and “Eintracht.” The most popular password however still remains: “123456”.
As Dr. Matthias Wübbeling points out, "Passwords that contain indications about the user or the service utilized are always easier to crack than randomly composed passwords." The study thus delivered valuable insights for improving online account security.