BERLIN — Germany is scrambling to identify who is behind a major hack that exposed data on hundreds of politicians, journalists, comedians and activists.
In a “countdown” to Christmas, hackers used a Twitter account to leak details of private emails, Facebook messages, cell phone numbers and photographs on an almost daily basis over a four-week period starting in early December.
The data dump included information about Chancellor Angela Merkel as well as members of the national parliament, regional state parliaments, the European Parliament and local officials. Among political parties, only the far-right Alternative for Germany (AfD) appears not to be affected.
In a country still alarmed by a large-scale hack in 2015 when intruders roamed around freely in the German parliament’s network for weeks, officials are not just worried about the breach itself. They are also alarmed that nobody apparently noticed it had happened until early January.
From December 1 to 24, in the style of an advent calendar, a new link was posted each day, leading to new documents.
“The German government takes this incident very seriously,” deputy government spokesperson Martina Fietz said Friday, less than 12 hours after a local broadcaster broke the news about the incident.
Merkel’s office did not know about the breach before Thursday night, Fietz told reporters. The news triggered an emergency meeting of the national cyberdefense body Friday morning, and authorities are now working “flat out” to examine how the information was obtained, she said, adding that the data contains no “sensitive” information about Merkel.
To disseminate the data, hackers uploaded it to various online platforms that allow for sharing content anonymously.
Afterward, they posted links to the files to a Twitter account, which had over 18,000 followers on Friday before it was suspended.
From December 1 to 24, in the style of an advent calendar, a new link was posted each day, leading to new documents. One additional link was posted on December 28.
The leaked data, parts of which were seen by POLITICO, includes home addresses, the scans of national ID cards and bank account information.
Government officials dodged questions Friday about how authorities could have missed the release of the sensitive documents for more than a month.
But Fietz cautioned that although some information in the data dump may be authentic, previous experience suggests that such breaches can — and often do — include fake data.
“That’s why everyone who deals with this data should exercise the greatest caution,” she said.
Authentic, outdated, fake?
While much of the released information seems authentic — although, in some cases, outdated — at least some of it appears to be fabricated or is disputed, media reports suggested.
Florian Post, a member of the German parliament for the Social Democrats, told German news agency DPA that he has never seen at least one message attributed to him in the breach.
How the hackers obtained the vast troves of information on a broad range of public figures remains unknown.
A spokesman for the interior ministry, which oversees cybersecurity, declined to comment on whether the published information was stolen during a hacking attack or could have been leaked by someone with regular access to it.
Members of the German parliament affected by the breach complained that they were informed about it Thursday evening by outsiders rather than Germany’s security apparatus.
“It’s absurd that we are being notified about this by worried citizens,” said one Bundestag official, speaking to POLITICO on the condition of anonymity to prevent attracting further attention to his name.
“We would have hoped to get such a warning from the German Federal Office for Information Security, or from Germany’s domestic security agency, which is in charge of counterintelligence,” he added.