5 Jan 2019

German data breach affects hundreds of politicians

12:33 pm on 5 January 2019

Hundreds of German politicians, including Chancellor Angela Merkel, have had personal details stolen and published on social media.

12 December 2018, Berlin: Chancellor Angela Merkel (CDU) is waiting for the start of the cabinet meeting at the Chancellor's Office. Photo: Michael Kappeler/dpa

German Chancellor Angela Merkel was among hundreds of politicians, media personalities and celebrities to have personal data exposed. Photo: AFP

Contacts, private chats and letters, financial details, addresses and copies of identity cards were exposed in what appears to be one of Germany's most far-reaching data leaks.

It targeted members of all the country's political parties - except the right-wing party AfD - were released on Twitter in the style of an advent calendar last month, along with data from celebrities and journalists.

Interior Minister Horst Seehofer said preliminary analysis showed the data had been obtained through "wrongful use of log-in information for cloud services, email accounts or social networks".

Mr Seehofer said in a statement there was no evidence parliamentary or government systems had been compromised. Bild newspaper reported all the data stolen in the attack dated back to before October 2018 but it was not clear when it began.

The information was leaked from a now-suspended twitter account @_0rbit operated from Hamburg, and Mr Seehofer said authorities were working to find the perpetrator.

German Interior Minister Horst Seehofer, outgoing leader of the conservative Christian Social Union (CSU) party, gives a statement as he arrives for the CSU parliamentary group's retreat at Kloster Seeon monastery in Seeon, southern Germany, on January 3, 2019.

German Interior Minister Horst Seehofer, outgoing leader of the conservative Christian Social Union (CSU) party on 3 January 2019. Photo: Matthias Balk / dpa / AFP

Immediate suspicion fell on right-wing groups in Germany, and Russia - which has been accused of cyber attacks in Germany before - is also suspected.

German security analyst Sven Herpig said the method used and the timing - so close to elections at the European Parliament and four German state elections - pointed to Russian influence.

An information security analyst said there was speculation email software weaknesses could have been exploited to get social media passwords used by those targeted.

The advent calendar-style releases, from 1 December to 28 December, started by featuring information on TV presenters, then rappers, and focused on politicians from 20 December. It was not until the evening of 3 January that officials became aware of the theft.

Who was targeted?

National and local political figures as well as some TV personalities had their details stolen:

  • Chancellor Angela Merkel: her email address and several letters to and from the chancellor appear to have been published
  • The main parliamentary groups including the ruling centre-right and centre-left parties, as well as The Greens, left-wing Die Linke and FDP. Only AfD appears to have escaped
  • Greens leader Robert Habeck, who had private chats with family members and credit card details posted online
  • Journalists from public broadcasters ARD and ZDF as well as TV satirist Jan Böhmermann, rapper Marteria and rap group K.I.Z, reports say
  • Another TV satirist, Christian Ehring, is said to have had 3.4 gigabytes of data stolen and posted online, including holiday photos. Last year he won a court case brought by AfD leader Alice Weidel, who complained when he called her a "slut" on his TV show.
23 November 2018, Thuringia, Jena: At the state delegates' conference (LDK) of B90/Grüne Thüringens the federal chairman Robert Habeck speaks to the delegates.

Greens leader and federal chairman Robert Habeck Photo: AFP / Peter Endig / dpa

The true extent of damage caused by the leak is not yet known although Justice Minister Katarina Barley said it was a "serious attack".

"The people behind this want to damage confidence in our democracy and institutions," she said.

A government spokeswoman, Martina Fietz, said no sensitive data from the chancellor's office had been published. MPs, Euro MPs and MPs from state parliaments were affected, she said.

She said it was not yet clear whether the data was stolen by hackers, with some reports suggesting a lone leaker might have had access to sensitive data through their work.

Centre-left SPD MP Florian Post said he felt "quite shocked" by the leak of account statements and other details online, but he added that at least one file that had been posted was fake.

Although nothing politically explosive is known to have been leaked, the sheer volume of personal data involved suggests the consequences could be considerable, says Michael Götschenberg, a reporter for German broadcaster RBB, who researched the attack.

As Twitter's European headquarters are located in Dublin, the leak falls under the remit of the Irish data protection authority, national broadcaster RTE reports.

Hamburg authorities said they were working with the Irish Data Protection Commissioner to stop the spread of German politicians' data.