Majority of UK MPs have had their data leaked to the dark web
More than two-thirds of British politicians have had their data leaked to the dark web, according to the latest data.… Continue reading Majority of UK MPs have had their data leaked to the dark web The post Majority of...
More than two-thirds of British politicians have had their data leaked to the dark web, according to the latest data.
68% of British politicians currently sitting in the House of Commons. That includes some who are supposed to be in charge of the UK’s cybersecurity.
The new data stems from a joint investigation between digital risk firm Constella Intelligence and privacy service Proton. Out of 650 MPs, 443 have had some form of personal data using details exposed on the dark web, mostly gathered from third-party services MPs have signed up to via their parliamentary email addresses.
This compares to just 44% of EU MEPs. While that’s still a worrying percentage at just under half, French deputies and senators had the best security, with only 18% of searched emails appearing in hacker exchanges.
“The fact that these emails, which are publicly available on government websites, are on the dark web isn’t a security failure by itself,” wrote Richie Koch, editor for Proton. “Nor is it evidence of a hack of the British, European, or French parliaments.
“Instead, it shows that politicians used their official email addresses to set up accounts on third-party websites (which were later hacked or suffered a breach), putting themselves and the information they’re entrusted to keep safe needlessly at risk.”
What personal data from MPs were hacked?
216 plain text passwords associated with MPs’ accounts were exposed on the dark web, breaking down to including up to 10 passwords exposed for a single MP. However, parliamentary emails were the biggest piece of data involved, being exposed 2,110 times. Those most frequently targeted faced up to 30 breaches.
While emails may not seem like a major concern, the combination of those with passwords can unlock a lot more doors to users’ online accounts. Cybercriminals will often use the tactic of ‘credential stuffing’ to enter thousands of stolen passwords and emails into different platforms, in the hope of gaining access to different accounts.
What’s more, some social media profiles were also affected, including 16 breaches of Instagram profiles, 117 of LinkedIn, 21 of X, and 21 of Facebook. This risk to personal information on social media profiles.is especially alarming.
This isn’t the first time that the UK government has suffered a data breach, with an accusation leveled at China for hacking the British Ministry of Defence.
Featured image: Unsplash