The vast trove of data was released online and disseminated via Twitter over the span of four weeks – without anybody really noticing.
German authorities are investigating a major cybersecurity incident that saw the personal information of hundreds of German politicians, as well as a number of TV personalities and journalists, dumped online in serial fashion, according to Euronews and other media outlets.
The data, which goes back to before October 2018, was disseminated via a now-suspended Twitter account – seen, for example, in this screenshot – that linked to the dumps on anonymous-sharing sites almost daily between December 1 and 24, wrote Politico. On December 28, one more link was posted.
And yet, the data dump – or, in fact, a long series of data dumps – didn’t really come to light until Thursday night, before the news of it ‘exploded’ on the internet on Friday. It’s unclear how the information was stolen, what the motivations behind the theft(s) are or, indeed, who is behind the entire incident.
The smorgasbord of leaked data includes the politicians’ credit card details, banking and financial information, addresses, mobile phone numbers, photos of ID cards, personal chat histories, as well as their respective parties’ emails, memos and letters. Representatives of all but one party in the country’s federal parliament were impacted. Chancellor Angela Merkel and President Frank-Walter Steinmeier are also among the victims.
But as regards the Chancellor’s office, Euronews quoted a government spokesperson as saying that no truly sensitive information appears to have been stolen.
Meanwhile, the BBC quoted the German national cybersecurity authority (BSI) as saying that government networks were not impacted, “as far as it was aware”. The Defense Ministry also said it wasn’t affected, as per Deutsche Welle.
As is often the case with developing stories, early reports differ from each other in some important details. However, there is a common thread here in that no political bombshells have, as of yet, been dropped courtesy of the dump, as it doesn’t appear to contain any explosive information in this regard. That’s not to say that it won’t change as the data is examined in detail, however.
Which engenders the question: is (all) the data authentic? For example, Florian Post, a member of Germany’s Federal Parliament and one of the leak’s victims, said that at least one document is fake, but admitted that much of what relates to him is indeed genuine.
written by Tomas Foltyn, ESET We Live Security