A hacker has targeted and released private data on German chancellor Angela Merkel and other senior German lawmakers and officials.
The data was leaked from a Twitter account, since suspended, and included email addresses, phone numbers, photo IDs and other personal data on hundreds of senior political figures.
According to a government spokesperson, there was no “sensitive” data from the chancellor’s office, but other lawmakers had more personal data stolen. Other portions of the leaked data included Facebook and Twitter passwords. Some had their credit card information stolen, and chat logs and private letters published in the breach.
Germany’s Federal Office for Information Security said in a statement that it was “extensively investigating” the breach, but does not believe there was an attack on the government’s networks.
It’s been reported that the hacker may have obtained passwords to access social media accounts. Often, hackers do this by tricking a phone company into “porting out” a person’s phone number to another SIM card, allowing them to password reset accounts or obtain two-factor codes.
The hacker leaked data on senior lawmakers across the political spectrum, but noticeably absent were accounts for the country’s far-right Alternative for Germany party.
The hack is reminiscent of a data breach involving the Democratic National Committee in 2016, which targeted the Democrats in the U.S. in the months running up to the U.S. presidential election. The U.S. government later attributed the hack to Russia, which prosecutors say tried to influence the election to elect Donald Trump to the White House. The Justice Department brought charges against seven suspects earlier this year for being part of the so-called “Fancy Bear” group of hackers, working on behalf of the Russian government.
Little is known about who is behind the leak of German lawmakers’ data. The German government has not speculated about who — or if a nation state — may have been behind the attack. But the alleged hacker said in a statement linked from their Twitter account that they “operated alone and does not belong to any organization or similar on Twitter.”
According to security experts who’ve seen portions of the data, the hacker spread the stolen information across several sites and mirrors, making it “really hard to take down.”
This data leak has so much data squirrelled away to avoid take downs. It must have required many man hours of uploading.
– 70 mirrors of the download links
– 40 d/l links, each with 3-5 mirrors
– 161 mirrors of data files
Plus the tweets, blog posts, mirrors of mirror links.
— the grugq (@thegrugq) January 4, 2019
Germany’s minister for justice Katarina Barley called the breach a “serious attack,” one that aimed to “damage confidence in our democracy and institutions,” according to the BBC.
It’s not the first time that the German parliament has faced security issues. In 2015, attackers stole gigabytes of data on lawmakers, which Germany’s domestic spy agency later accused Russia of behind behind the breach.
Russia has repeatedly denied launching cyberattacks.