Published on: June 1, 2024
The personal data of almost a little over 900 EU politicians has surfaced on the dark web, according to new research.
A study by Proton, in collaboration with Constella Intelligence, discovered that British MPs, members of the European Parliament, and French deputies and senators have had their data exposed due to hacks or breaches of third-party services they used with their parliamentary email addresses.
British MPs were the most affected, with 68% of their email addresses appearing on the dark web. The affected MPs include cabinet ministers, opposition frontbenchers, and members of committees responsible for overseeing the UK’s cybersecurity.
“According to our findings, British MPs are fortunate not to have suffered a major scandal involving account takeovers … ” the company notes.
In contrast, 44% of EU Parliament members and 18% of French deputies and senators had their data posted on hacker forums.
Proton highlighted that many of these email addresses are publicly accessible on government websites. However, their presence on dark web marketplaces indicates that they were used to create accounts on various third-party online services that were eventually hacked.
“While we aren’t publishing any identifiable data to avoid putting individuals at risk, we can reveal that our investigation showed elected politicians regularly used their official emails to sign up for services like LinkedIn, Adobe, Dropbox, Dailymotion, petition websites, news services, and even, in a small number of cases, dating websites,” the company says.
The researchers also found that 216 passwords linked to MPs’ breached accounts have been exposed.
“Even more concerning is that these email addresses were matched with 697 passwords in plain text,” Proton writes. “If a politician reused one of these exposed passwords to protect their official email account, it could also be at risk.”
The exposed data also included dates of birth, home addresses, and social media accounts, giving attacks “plenty of details to make convincing phishing attacks,” Proton warns.
Source of Article
