Hundreds of German politicians and journalists have fallen victim in a massive data leak, it was revealed on Friday. Gigabytes of personal data – some of it highly sensitive – has been posted online.
The stolen data was released in an Advent calender-style, with daily batches promoted through Twitter from December 1 through Christmas Eve, but it was not discovered until Thursday. It was reported by local media on Friday.
The cyber breach affects more than 500 politicians from all major parties, with the exception of the far-right AfD. Politicians at all levels are included: local representatives, national lawmakers, and members of the European Parliament.
The cache was too big to immediately review, but journalists who went through some of the material have reported finding phone numbers, home addresses, private chats, photos, letters, internal documents, and invoices.
“I searched through it 5 hours last night, read maybe 3% of it, and already found cases of [nepotism] and bad political scandals,” Julian Röpcke, a journalist for the Bild newspaper, said. “It will be thus very hard for journalists to determine what they do with the data now.”
It was not immediately known how and when the information was stolen, but some files are as recent as October, while others date back to 2009. The type of information that was released varied widely, suggesting that it may be the result of multiple breaches, rather than a single one.
The government said it found out about the data leak on Thursday night, after which German Chancellor Angela Merkel and political parties were notified. The national cyber defense body convened an emergency meeting on Friday morning.
At least 50 journalists, artists, and comedians are also affected, many of whom are known for their left-leaning views. Comedian and author Christian Ehring was hit especially hard as more than 3.4 gigabytes of his data was released online, according to the Bild.
It’s unknown who is behind the cyber attack. A Twitter account that was used to promote the data used the name “G0d,” described itself as a security researcher, and claimed to be based in Hamburg. It was suspended by Twitter on Friday morning.
Experts caution against viewing the stolen data, noting that spyware and malware could have been inserted. They also point out that some of the data could have been altered before it was released on the internet.