The email addresses and other personal details of nearly a thousand British MPs, MEPs, and French officials have been leaked to dark web marketplaces.
Secure email firm Proton and Constella Intelligence searched the dark web for 2,280 official government email addresses from the British Parliament, European Parliament, and French Parliament, and found that around 40% had been exposed, along with passwords, dates of birth, and more.
British MPs “fared the worst”, according to Proton, with more than two-thirds of the checked email addresses appearing on various dark web marketplaces.
Meanwhile, 44% of MEPs had a trove of information leaked online.
French deputies and senators boasted the best security, the study noted, with just 18% of searched emails appearing in hacker exchanges.
"The fact that these emails, which are publicly available on government websites, are on the dark web isn’t a security failure by itself. Nor is it evidence of a hack of the British, European, or French parliaments," said Proton's Richie Koch.
"Instead, it shows that politicians used their official email addresses to set up accounts on third-party websites (which were later hacked or suffered a breach), putting themselves and the information they’re entrusted to keep safe needlessly at risk."
More concerningly, these email addresses were matched with 697 passwords in plain text - which, if reused elsewhere, could risk other email accounts.
"Many of these MPs, MEPs, deputies, and senators are in senior positions, including heads of committees, government ministers, and senior opposition leaders, and have access to highly sensitive information,” Koch said.
"Even worse, several of them are currently serving or have formerly served on committees charged with overseeing and enforcing national (and international) digital strategies."
The investigation revealed that many politicians regularly used their official emails to sign up for services such as LinkedIn, Adobe, Dropbox, Dailymotion, petition websites, news services, and even, in a small number of cases, dating websites.
British MPs are a hot commodity on the dark web
In the UK, MPs’ email addresses were exposed a total of 2,110 times on the dark web, with the most frequently targeted MP experiencing up to 30 breaches. They also showed up repeatedly, with the average breached MP having their details appear in 4.7 breaches.
The UK has been hit frequently by state-backed cyber attacks. In December 2023, the government accused Russia of a cyber attack on British academics, politicians, and policymakers that had been going on for years.
Officials claimed Russia’s FSB was attempting to phish these individuals to spy on their private emails.
Meanwhile, of the 309 MEPs exposed, 92 were caught up in 10 or more leaks.
Politicians in Brussels had their email addresses exposed 2,311 times, along with 161 passwords in plaintext.
In February, two members and a staffer of the European Parliament’s security and defence subcommittee found spyware on their smartphones, while in March it was revealed that the Chinese-backed APT31 hacking group was probably behind an attempted hack of every EU member of the Inter-Parliamentary Alliance on China.
