Over two-thirds of British MPs and almost half of EU MEPs have had their email addresses leaked on the dark web.
That’s according to new research from cybersecurity firm Proton. With election season looming in the UK and the EU, the company partnered with Constella Intelligence to explore online threats to national security.
The team focused on 2,279 politicians in the European Parliament, UK House of Commons, and the French National Assembly and Senate. They found a whopping 918 — 40% of the total — have had information exposed on the dark web.
To make matters worse, the email addresses were matched with 697 plain text passwords. Dates of birth, physical addresses, IP addresses, and social media information were also exposed.
These troves of data could not only unmask sensitive communications, but also leave politicians vulnerable to blackmail or coercion.
“A single leaked password can lead to severe national security breaches, given the access that MEPs possess,” said Eamonn Maguire, Proton’s head of account security.
Politicians on the dark web
According to Proton, the data leaked in hacks or breaches of third-party services including LinkedIn, Dropbox, and Adobe. The politicians had signed up to these platforms with their parliamentary emails.
British MPs were the most persistent offenders. A whopping 68% of their checked email addresses have appeared on the dark web. One unnamed MP alone suffered up to 30 breaches.
A total of 216 passwords associated with the breached accounts were exposed in plain text. Even more of them were available in hashed form. Any MPs who reused these passwords for multiple services face elevated risks.
In the EU, meanwhile, 44% of MEPs had had email address exposed on the dark web. Ninety-two of them were implicated in over 10 leaks.
French deputies and senators fared better at 18%, but they have little to celebrate. A total of 320 passwords associated with their breached accounts have been exposed in plain text.
Safety measures
Proton said every victim has been informed of the leaks. To evade future exposure, the company advises them to avoid signing up to third party services using sensitive email addresses.
Robust password practices are another vital safeguard. Proton also recommends password managers, email anonymisation tools, and dark web monitoring services.
“Many people underestimate their vulnerability, but the reality is that everyone is a potential target,” Maguire said. “Vigilance is essential for anyone in the public eye to safeguard both personal and national security.”