The majority of MPs have had their data exposed on the dark web, says new research conducted by the developers of one of the best VPN services, Proton, and digital risk protection agency Constella Intelligence.
In total, 443 out of 650 MPs currently sitting in the House of Commons have had their data leaked on the dark web – that's 68%. The information leaked included personal and login information, with MP's emails exposed 2,110 times. On average, MPs had their emails exposed 4.7 times, with the most frequently targeted MPs experiencing up to 30 leaks.
In addition, 216 plain text passwords – meaning they were not obscured or hashed in any way – associated with the breached accounts of MPs were also found. If these passwords were reused for multiple accounts, this could give hackers easy access to all of these accounts. The largest amount of passwords exposed for one MP was 10, leaving 10 of that MP's accounts vulnerable – potentially allowing hackers to access sensitive and confidential information.
Speaking of sensitive information, MPs also suffered social media leaks. LinkedIn profiles were leaked 117 times, and social media profiles potentially including personal information like Facebook, Twitter and Instagram were leaked 21, 21 and 16 times respectively. These exposures could have allowed hackers to gain access to MP's photo libraries, voice data, home addresses, bank account details, mobile phone numbers and contacts. The damage that could be done with this information is immense, from targeted phishing campaigns to identity theft to blackmail to creating convincing deepfakes.
The research was conducted to see if the personal and login information of political figures across the UK, EU and France had been posted on the dark web. The UK was the biggest culprit, with the majority of MPs having their details exposed via hacks or breaches of companies that said MPs signed up for using their parliamentary email—including Adobe, Dropbox and LinkedIn.
This was significantly worse than their EU and French counterparts, with less than 1 in 5 (18%) of the French National Assembly and Senate and less than half of MEPs (44%) having their personal data leaked to the dark web.
Among the almost 7 in 10 MPs to have their stolen data shared on the dark web are cabinet ministers, opposition front benchers and, worst of all, those on committees dedicated to looking after the UK's cybersecurity.
Next steps
In light of the upcoming UK General Election, Proton has called on the new government to "take cybersecurity seriously, and insist on better training for MPs on how to protect their own accounts". Proton has also outlined a series of cybersecurity measures that they strongly encourage all new MPs to take following the General Election to make their online accounts as secure as possible:
- Do use password managers to manage account logins and save passwords.
- Do use hide-my-email aliases that mask real your email when signing up to any online account.
- Do use strong, unique passwords for every online account.
- Do sign up for services that will alert you if your details have been exposed on the dark web.
The company has also contacted all political figures who have had their data exposed on the dark web, warning them of the leaks and urging them to update their login information.
This research demonstrates that anyone can be the victim of data breaches, hacks and other cybercrime, especially as MPs, who rightfully should be more careful with their data than the average person, have had such a large amount of their data exposed on the dark web. It highlights the undeniable importance of being careful with your data, from setting up MFA, to using strong, unique passwords, to changing passwords immediately on accounts that have been exposed.
Eamonn Maguire, Head of Account Security at Proton, said of the research's findings: “In today's digital landscape, robust cybersecurity practices are crucial, especially for those in positions of power. A single leaked password can lead to severe national security breaches, given the access that MPs possess. Many people underestimate their vulnerability, but the reality is that everyone is a potential target.
"Vigilance is essential for anyone in the public eye to safeguard both personal and national security, and we call on the new government after the General Election to take cybersecurity seriously, and for all MPs to adopt better account security practices."
More information and data from the research can be found on the Proton blog.