Read the original report, which has all our findings to date
The email addresses of Danish, Dutch, and Luxembourgish politicians are available publicly (this is how we found them), so the fact that we found them in dark marketplaces where info is illegally bought and sold isn't, in itself, a security failure . We're also not suggesting these parliaments suffered a cyberattack or that this information was stolen. In the vast majority of cases, these official email addresses ended up on the dark web as part of a data breach by a common service provider, like Adobe, Dailymotion, Dropbox, LinkedIn, or news services.
However, these politicians should never have used their official email addresses to create such an account. This makes it easy for attackers to quickly identify politicians' accounts. Next, they can check if any passwords are associated with these email addresses. Between the Danish, Dutch, and Luxembourgish politicians we looked at, we found 139 passwords in plaintext. That's potentially 139 compromised accounts — and it could be many more if any of these politicians reused exposed passwords elsewhere.