Proving that politicians are human after all. A new report reveals they experience the same cybersecurity risks as the citizens they represent. Over two-thirds of British MPs and almost half of EU MEPs have had their email addresses leaked on the dark web. 

A research team examined the online security of 2,279 politicians across the European Parliament, UK House of Commons, and the French National Assembly and Senate. They discovered that a staggering 918 politicians — 40% of the total — have had their information exposed on the dark web. 

Passwords and email addresses exposed

To make matters worse, someone matched the exposed email addresses with 697 plain text passwords. Using this information, cybercriminals could easily log into, and access, compromised systems. And when so many people, including politicians, reuse passwords, it is likely that many more services could be compromised.

Researchers also found other details exposed on the dark web including dates of birth, physical addresses, IP addresses, and social media information. These data leaks could not only unmask sensitive communications but also leave politicians vulnerable to blackmail or coercion – by criminals or hostile nation states. 

The report goes on to warn that a single leaked password can lead to severe national security breaches, given the access that MEPs possess.

Hackers uncover sensitive details

Hackers or breaches of third-party services, including LinkedIn, Dropbox, and Adobe, leaked the data. Compromised politicians had used their parliamentary emails to sign up for these platforms.

British MPs were the most affected, with 68% of them having email addresses appearing on the dark web. One unnamed MP alone suffered up to 30 account breaches across platforms. In total, 216 passwords associated with the breached accounts were exposed in plain text. With even more available in hashed form. MPs who reused these passwords for multiple services face elevated risks. As do their constituents who may have shared deeply sensitive information with their parliamentary representatives.

In the EU, 44% of MEPs had their email addresses exposed on the dark web. With 92 of them implicated in 10 leaks or more. French deputies and senators were somewhat better at protecting their information. Only 18% of French politicians were compromised. But they still have reason for concerns. Someone has exposed 320 passwords associated with their breached accounts in plain text.

How you – and MPs – can better protect yourself

The reality is that the exact same problems face every internet user. In fact, the hackings that leaked this information on the dark web also highly likely contain thousands of passwords for normal citizens too.

To avoid future exposure, politicians and citizens must improve the way they use passwords (and sensitive email addresses). A password manager like Panda Dome Passwords is essential, allowing you to create strong, unique passwords for every service (and to not forget them!). And regularly conducting a dark web scan will tell you if your information has been leaked, allowing you to take action to protect yourself before hackers can take advantage.