Hacked personal data of hundreds of German politicians was trickled out on Twitter for more than a month before government officials caught wind of it.
The data, posted by a Twitter user named @_0rbit, included personal information on German Chancellor Angela Merkel, as well as phone numbers, documents and email addresses for top German politicians.
The hack affected members of all German political parties with the exception of Alternative for Germany (AfD), the country’s far-right political group. The first post published on Dec. 1 and the hacker was posting daily updates until Friday, when Twitter suspended the account.
It’s unclear why no one was aware of the data leak until Friday.
Though the Twitter account was suspended, the hacker provided multiple back-up links for people to download the breached files. The takedown is part of a new Twitter policy, announced last October, that bans accounts involved in posting hacked material.
‘Posting a person’s private information without their permission or authorization is a direct and serious violation of the Twitter Rules,’ a company spokesperson said in an email. Twitter is investigating the issue and will take action if necessary.
The hack affected German politicians at every level, from those in city government to European parliaments, Martina Fietz, a spokeswoman for Chancellor Merkel, told CBS News. ‘The German government takes this incident very seriously,’ Fietz said.
Germany’s federal office for information security, the BSI, said in a tweet on Friday that it was investigating the hack with the National Cyber Defense Center. It hasn’t found any evidence that the government’s network was affected by a cyberattack.
While the documents contain personal information, such as credit card numbers and private conversations, no politically scandalous documents have surfaced from the leak.
The German government warned that some of the leaked documents could have been doctored, and said it’s still verifying all the leaked data.
The BSI is investigating whether the data came from a single attack or multiple attacks over several years. Germany’s parliament was hacked in 2015, which it attributed to the Russian government.
Hacking politicians has become a tactic for disrupting democracy, as the 2016 US presidential election demonstrated. Last July, the US Department of Justice charged 12 Russian hackers for stealing emails from the Democratic National Committee. The hacked emails were posted on WikiLeaks and included speeches from Hillary Clinton and conversations from John Podesta, her campaign manager.
‘Following Wikileaks, and the hacking of Hillary Clinton’s emails, we are seeing cyberattacks become a serious method to meddle in democratic processes,’ said Max Heinemeyer, the director of threat hunting at cybersecurity company Darktrace. ‘However, the real motivations behind this attack currently remain unclear.’