
Proton warns that data of thousands of politicians leaked on the dark web

Take action: Never recycle passwords across multiple sites, and don't use an official email address to register for internet services unless those services are used for company work. Too many companies get hacked, and all the data you have entered is stolen and sold. If you can be identified by an official email address, all that stolen data can be abused in various ways, from phishing and scams to full identity theft.



An investigation uncovered that the email addresses and sensitive information of over 4,109 British MPs, European Parliament members, French deputies and senators, and U.S. political staffers were exposed on the dark web.

The investigation, conducted by Constella Intelligence and Proton in two phases — May and September 2024 — aimed to assess the security of official government email addresses used by these individuals.

The investigation revealed that sensitive personal information, including dates of birth, home addresses, and social media accounts, was linked to these official email addresses. Additionally, 2,545 passwords, some in plaintext, were discovered across all regions examined.

  1. British MPs: British MPs faced the highest exposure, with 68% of the 650 searched email addresses appearing on dark web marketplaces. MPs’ email addresses were associated with 2,110 breaches, with the average MP experiencing 4.7 breaches.
  2. European Parliament: Nearly half (44%) of EU MEPs' email addresses were found on the dark web, with 309 breached out of 705 searched. The breaches included 161 passwords in plaintext.
  3. French Politicians: French deputies and senators performed the best in terms of security, with only 18% of emails exposed on the dark web. However, French senators were more vulnerable (33%) compared to deputies (9%). One French politician had 137 breaches, the highest among all individuals studied.
  4. US Political Staffers: Of the 16,543 US political staffers’ email addresses examined, 20% (3,191) were exposed, along with 2,975 passwords, including 1,848 in plaintext.

The leaks were not due to direct hacks of government systems but rather due to politicians and staffers using their official email addresses to register on third-party websites, which were later breached. These websites included services like LinkedIn, Adobe, Dropbox, and even dating platforms.

Exposed Data Types:

  • Names
  • Email addresses
  • Dates of birth
  • Home addresses
  • Passwords (including plaintext)
  • Social media account links

The exposure of this data, especially plaintext passwords, presents a major cybersecurity risk. If individuals reuse these exposed passwords for their official government accounts, their official email systems could be at risk, potentially leading to severe national security issues.

 
