In the latest installment of our investigation with Constella Intelligence(new window)into the cybersecurity risks political face, we found that 41% of Danish members of parliament have had their official email address exposed on the dark web, one of the highest percentages in the EU. We also looked at the Dutch and Luxembourgish parliaments, which had canada phone number data 18% and 16% of their members' email addresses exposed, respectively.
Read the original report, which has all our findings to date
The email addresses of Danish, Dutch, and Luxembourgish politicians are available publicly (this is how we found them), so the fact that we found them in dark marketplaces where info is illegally bought and sold isn't, in itself, a security failure . We're also not suggesting these parliaments suffered a cyberattack or that this information was stolen. In the vast majority of cases, these official email addresses ended up on the dark web as part of a data breach by a common service provider, like Adobe, Dailymotion, Dropbox, LinkedIn, or news services.
However, these politicians should never have used their official email addresses to create such an account. This makes it easy for attackers to quickly identify politicians' accounts. Next, they can check if any passwords are associated with these email addresses. Between the Danish, Dutch, and Luxembourgish politicians we looked at, we found 139 passwords in plaintext. That's potentially 139 compromised accounts — and it could be many more if any of these politicians reused exposed passwords elsewhere.