Over two-thirds of British MPs and nearly half of EU MEPs have had their email addresses leaked on the dark web, according to new research from cybersecurity firm Proton.
With upcoming elections in the UK and the EU, the findings underscore the urgent need for enhanced security measures to protect national security.
Proton’s collaboration with Constella Intelligence focused on the online security threats to 2,279 politicians from the European Parliament, the UK House of Commons, and the French National Assembly and Senate.
The research revealed that 918 politicians, or 40% of the total, have had their information exposed on the dark web.
Alarmingly, the leaked data included 697 plain text passwords, as well as dates of birth, physical addresses, IP addresses, and social media information, which could potentially lead to severe national security breaches.
British MPs were identified as the most affected group, with 68% of their checked email addresses appearing on the dark web.
One unnamed MP alone was implicated in up to 30 breaches. A total of 216 plain text passwords associated with these accounts were exposed, with even more available in hashed form, increasing the risk for MPs who reused passwords across multiple services.
In the EU, 44% of MEPs had their email addresses exposed. Among them, 92 MEPs were implicated in over 10 leaks each. French deputies and senators, while faring slightly better, still saw 18% of their email addresses leaked, with 320 associated passwords exposed in plain text.
The data leaks were traced back to breaches of third-party services such as LinkedIn, Dropbox, and Adobe.
Politicians had used their parliamentary email addresses to sign up for these platforms, which then became vulnerable to cyberattacks.
Recommendations for Safety
Proton has informed all affected individuals of the breaches.
To prevent future exposures, the company advises politicians to avoid using sensitive email addresses for third-party services.
Proton also recommends robust password practices, the use of password managers, email anonymization tools, and dark web monitoring services to enhance security.
“A single leaked password can lead to severe national security breaches, given the access that MEPs possess,” said Eamonn Maguire, Proton’s head of account security.
He emphasized the need for vigilance, especially for those in the public eye, to safeguard both personal and national security.