May 31, 2024 at 07:36AM
Proton and Constella Intelligence found hundreds of British, French, and European Parliament politicians’ email addresses on dark web marketplaces. 918 addresses were leaked, with 68% of British MPs affected. Proton warned that using government email addresses for third-party services puts politicians and sensitive information at risk, as exposed passwords and personal data could lead to phishing attacks.
It has been reported that hundreds of British, French, and European Parliament politicians’ email addresses and other information have been discovered on dark web marketplaces. In collaboration with Constella Intelligence, Proton conducted a study that found nearly 2,300 official government email addresses on the dark web, with 918 of them leaked to cybercrime marketplaces. The percentage of impacted politicians varies across different organizations—68% for British MPs, 44% for EU Parliament members, and 18% for French deputies and senators.
Notably, the email addresses were found more than 2,100 times on the dark web for British politicians, including senior government and opposition figures. Proton highlighted that while many of these email addresses are publicly available on government websites, their presence on dark web marketplaces indicates that they were used to create accounts on various third-party online services that were subsequently hacked. These services include Adobe, LinkedIn, Dropbox, Dailymotion, petition sites, news services, and even dating websites.
The use of official government email addresses for such services not only puts politicians at risk but also endangers the confidential information they are responsible for safeguarding. Proton’s warning is further underscored by the revelation that some of the leaked email addresses were paired with 697 passwords in plain text. There is concern that politicians may have reused these exposed passwords to secure their official email accounts, potentially putting those accounts at risk as well.
In addition to email addresses and passwords, the exposed data includes dates of birth, addresses, and social media accounts, which could be exploited for convincing phishing attacks.
This situation highlights the critical need for enhanced cybersecurity measures to protect the sensitive information of government officials.