Research conducted by Proton and Constella Intelligence has uncovered that personal information of hundreds of British and European politicians is available on dark web marketplaces. The data includes email addresses, passwords, birth dates, and other sensitive information. Specifically, 918 British MPs, European Parliament members, and French deputies and senators have had their details exposed. This alarming discovery indicates that 40% of the official government email addresses from British, European, and French Parliaments were compromised. Most of the leaked email addresses belong to British MPs, followed by EU MEPs.
French deputies and senators were found to have the best security, with only 18% of their email addresses appearing on dark web forums. Many of the compromised politicians hold senior positions, including heads of committees and government ministers, making the potential impact of this data breach particularly severe. The presence of these email addresses on the dark web suggests that politicians used their official emails to register on third-party web services that later suffered data breaches.
Even more concerning is that researchers matched 697 plain text passwords to these email addresses, further increasing the risk of account takeovers. The study noted that British MPs had their email addresses exposed a total of 2,110 times, with some MPs experiencing up to 30 breaches. On average, each breached MP’s details appeared in 4.7 breaches. European Parliament members also faced significant exposure, with 309 MEPs involved in multiple leaks and their email addresses exposed 2,311 times.
The data suggests that politicians have used their official email addresses to sign up for various services, including LinkedIn, Adobe, Dropbox, Dailymotion, and even some dating websites. The report highlights the risk that even if hostile takeovers of these accounts do not grant direct access to state secrets, they could still reveal private communications or other sensitive data, which could be used for phishing or blackmailing the politicians. This incident underscores the urgent need for improved cybersecurity practices among political figures to safeguard their information and prevent potential exploitation.
