Berlin - Private data stolen from hundreds of German politicians including Chancellor Angela Merkel have been published online, the government said Friday, in a stunning breach of cyber security.
The information, which comprised home addresses, mobile phone numbers, letters, invoices and copies of identity documents, was first released via Twitter in December but its spread gathered pace this week.
It was not immediately clear whether the officials were targeted by hackers or the victims of an internal leak of the data, some of which dates back to 2017.
“Personal data and documents belonging to hundreds of politicians and public figures were published on the internet,” government spokeswoman Martina Fietz said.
“The government is taking this incident very seriously.”
Among those affected were members of the Bundestag lower house of parliament and the European Parliament as well as regional and local assemblies, she said.
Deputies from all parties represented in the Bundestag were targeted, as well as President Frank-Walter Steinmeier, an interior ministry spokesman said.
However, Christian Lueth, parliamentary group speaker for the Alternative for Germany (AfD), later said that his party’s deputies were not hit by the attack, and the interior ministry later confirmed this.
– ‘Satire and irony’ –
Fietz said a preliminary investigation indicated that “no sensitive information or data” from Merkel’s office had been leaked.
Berlin’s political establishment nevertheless reacted with alarm.
“Whoever is behind this wants to damage faith in our democracy and its institutions,” Justice Minister Katarina Barley said in a statement.
The far-left Linke’s parliamentary group chief, Dietmar Bartsch, called it “an attack on democracy”.
Beyond politicians, the leak also exposed the private data of celebrities and journalists, including chats and voicemail messages from spouses and children of those targeted.
The daily Bild and public broadcaster RBB first reported the leak.
Bild said it was not clear when the data theft began but said it continued until the end of October.
“At first glance, it does not seem that politically sensitive material was included,” RBB said.
“However the damage is likely to be massive given the volume of personal data published.”
The interior ministry spokesman said it was unclear who was behind the data dump, which derived both from social media and private “cloud” data.
A deputy from Merkel’s Christian Democratic Union party, Patrick Sensburg, pointed the finger at right-wing extremists.
“I assume this was a hacker attack by people close to the AfD,” he told the daily Handelsblatt.
Fietz said the amount of Merkel’s data that was exposed was “not excessive” but warned that some of the documents and information published might have been faked.
Given the vast range of data hoovered up, IT experts said it seemed unlikely that it was taken from a single source.
Parliamentary group leaders were notified of the attack late Thursday and the Federal Office for Information Security (BSI) and the domestic intelligence service said they were investigating.
“According to our current information, government networks have not been targeted,” BSI tweeted.
The Twitter account @_0rbit published the links every day last month, along the lines of an advent calendar with each link to new information hidden behind a “door”.
The account, which calls itself G0d, was opened in mid-2017 and purportedly has more than 18,000 followers.
It described its activities as “security researching”, “artist” and “satire and irony” and said it was based in Hamburg.
– Account suspended –
A link to Merkel’s data showed two email addresses used by the chancellor, a fax number and letters apparently written by her and to her.
By midday Friday, Twitter had suspended the account.
Last year, the domestic intelligence service, the Office for the Protection of the Constitution, said there had been repeated cyberattacks against MPs, the military and several embassies that were allegedly carried out by the Russian internet espionage group “Snake”.
Also known as “Turla” or “Uroburos”, the group, which targets state departments and embassies worldwide, is believed to have links to Russian intelligence.
Last March, computer networks belonging to the German government came under sustained attack and data from foreign ministry staff was stolen.
At the time, Moscow denied that Russian hackers were involved.