Title: Hundreds of Swiss military personnel emerge in new data leak Lead: Millions of Swiss e-mail addresses and passwords are circulating on the Internet - even from authorities. The army is particularly affected. Since the beginning of the year, a new collection of hacked platforms and user profiles has been circulating on the Internet, the "Collection #1-5". For the first time, SRF Data was able to completely evaluate it. The research shows: The data collection contains over three million e-mail addresses with Swiss endings, including passwords. Particularly affected: around 20,000 different user profiles of employees of Swiss authorities and operators of critical infrastructures. Among them are more than 6000 e-mail addresses of employees of the cantons and 2500 of those of the Confederation. Around a fifth of the 2500 affected federal addresses belong to the Swiss Army. In comparison to other federal agencies, it appears particularly often in the leaks. The acting head of the armed forces, Philippe Rebord, can also be found in the data. The fact that sensitive information, such as passwords, circulates on the net is problematic. Attackers can use the data to blackmail, for example. In the process, victims are confronted with old passwords from such leaks. This can be traumatic, even if the passwords themselves no longer work. At the beginning of the year, these so-called "fake sextortion" cases increased again. Whether there is a connection with the data collection "Collection #1-5", is unclear. Sub title: Swiss army particularly hard hit When asked, army spokesman Daniel Reist writes that the army is aware of these facts. The affected employees had already been personally informed in January: "To minimize risks and to increase private security, we have recommended changing all passwords if possible." However, since the user profiles had been used for private purposes, the risk for the Armed Forces had to be classified as low. Because the army uses several factors for logging into its systems, passwords alone are of little value to attackers. Nevertheless: "In accordance with current directives, employees should not use business e-mail addresses in a private environment." Whether adjustments or further tightenings are necessary is now being examined. Sub title: "We are paying more and more for this." Last August the Sonntagszeitung already reported on the problem of official addresses. Since then, several thousand user profiles of employees of security-critical institutions have been added. And the sensitive data is now much easier to access - on the open Internet. Ueli Maurer, Professor of Cryptography and Information Security at ETH, says: "The global IT infrastructure, including the Internet, is complex - and was not built with security in mind. As a society, we are increasingly paying the price for this". He does not know the details of "Collection #1-5", but he says it is already problematic when millions upon millions of passwords - whether still in use today or not - are freely available on the Internet. Society must find ways to deal with the problem and build a more secure IT infrastructure. Research, education and clear liability rules for security breaches are needed. "But it may be many years before we get that far, partly because there are government agencies, for example certain secret services, which are not at all interested in ensuring that the systems are maximally secure." Box: Why are there so many addresses? The reason for the appearance of business addresses in such leaks is often that employees also use them for private user profiles. When such websites, for example the social network Linkedin or the cloud provider Dropbox, are hacked, the captured user profiles first appear on the black market on the Darknet - and eventually on some forums where anyone can download them for free. Box: About the "Collection #1-5" One search term, one hit: The forum where you can download the so-called "Collection #1-5" appears high up on Google. The huge data leak that came to light in January can be obtained by anyone free of charge. With over 2.2 billion different email addresses (including passwords) and around 900 gigabytes of data volume, "Collection #1-5" is the largest coherent collection of hacked user profiles to date. The collection contains many duplicates and other unusable data. Nevertheless, according to security experts at the German Hasso Plattner Institute, their appearance is alarming. Around 35 percent of the hacked user profiles (around 750 million profiles) had not yet been stored in the Institute's leak databases - a considerable proportion of which is suspected to originate from recently hacked websites. The easy availability of the data is particularly problematic. According to security experts, it seems the longer the less attractive it is to sell hacked user profiles on darknet. Instead, there seem to be more and more people who combine such data into large collections and distribute them for free in the easily accessible parts of the Internet.