Proton
The Danish mermaid and the Dutch parliament building behind a politician and an unlocked phone

Danish, Dutch, Luxembourgish politicians have details leaked on dark web

In the latest installment of our investigation with Constella Intelligence(nieuw venster) into the cybersecurity risks politicians face, we found that 41% of Danish members of parliament have had their official email address exposed on the dark web, one of the highest percentages in the EU. We also looked at the Dutch and Luxembourgish parliaments, which had 18% and 16% of their members’ email addresses exposed, respectively.   

Read the original report, which has all our findings to date

The email addresses of Danish, Dutch, and Luxembourgish politicians are available publicly (this is how we found them), so the fact that we found them in dark marketplaces where info is illegally bought and sold isn’t, in itself, a security failure. We’re also not suggesting these parliaments suffered a cyberattack or that this information was stolen. In the vast majority of cases, these official email addresses ended up on the dark web as part of a data breach by a common service provider, like Adobe, Dailymotion, Dropbox, LinkedIn, or news services. 

However, these politicians should never have used their official email addresses to create such an account. This makes it easy for attackers to quickly identify politicians’ accounts. Next, they can check if any passwords are associated with these email addresses. Between the Danish, Dutch, and Luxembourgish politicians we looked at, we found 139 passwords in plaintext. That’s potentially 139 compromised accounts — and it could be many more if any of these politicians reused exposed passwords elsewhere.

We explore the Danish, Dutch, and Luxembourgish leaks in greater detail below and explain why politicians must take their cybersecurity seriously. 

Politicians’ data exposed

We found much more than just emails and passwords during this investigation. While we’re not sharing any identifying information for obvious reasons, sensitive information like dates of birth, residence addresses, and social media accounts were linked to these politicians’ email addresses. (We also informed every affected politician that they had sensitive data exposed on the internet before publishing this article.) 

Attackers can easily buy this information and use it to create convincing phishing campaigns or social engineering attacks.

Number of email addresses searchedNumber of breached email addressesNumber of passwords exposedNumber of passwords exposed in plaintext
Danish Parliament179749369
Dutch Parliament225413532
Luxembourgish Parliament60104338
Chart showing 41% of Danish politicians have personal data exposed on dark web

Over 40% of Danish politicians have email addresses leaked

At 41%, Danish politicians have one of the highest rates of email address breaches in Europe. The email addresses of 74 of the 179 members of the Danish parliament appear a total of 555 times on the dark web. One politician had their email address exposed in 25 separate breaches, along with eight passwords exposed in plaintext. This should be a major concern as Danish politicians and infrastructure have been the target of significant cyberattacks. 

In June 2024, the Danish Center for Cyber Security(nieuw venster) raised the threat level for cyberattacks to “Medium”, or three out of five, specifying that this was largely due to the threats from Russia. This follows an attack in May 2023 where the Russian hacker group NoName057(16) took the Danish Parliament’s website offline(nieuw venster) with a DDoS attack. Immediately after this attack, another hacking group exploited a zero-day vulnerability in un-updated firewalls to attack 22 organizations that operate and oversee Denmark’s energy infrastructure(nieuw venster) in the largest cyberattack in Denmark’s history. The main suspect is Sandworm (also known as Voodoo Bear and Seashell Blizzard), a hacking group affiliated with Russia’s intelligence service that performed similar attacks on Ukraine’s energy infrastructure.

Chart showing 18% of Netherlands politicians have personal data exposed on the dark web

The Netherlands’ lower house of parliament has three times as many breaches as the upper house

While Dutch politicians had relatively few email addresses exposed on the dark web overall (18%), there is a major discrepancy between the lower house (Tweede Kamer) and the upper house (Eerste Kamer). We searched for all 150 Tweede Kamer members’ email addresses and found 36 of them, or 24%. Meanwhile, out of the 75 members of the Eerste Kamer, we found the official email addresses for only five, roughly 6.7%. It’s the second largest disparity between houses we’ve seen in our investigation — only France has a higher one. There, 8.8% of the National Assembly had their email address exposed compared to 33% of the Senate.

The Netherlands has suffered multiple cyberattacks targeting critical networks. In September 2024, an unspecified “state actor” accessed the work-related contact information of all 63,000 members of the Dutch police force(nieuw venster). Just three months earlier, as the elections for the EU Parliament began in June, the Russian hacker group HackNeT took down two Dutch political parties’ websites(nieuw venster) using DDoS attacks. And in February 2024, authorities revealed that Chinese hackers had broken into the Dutch military’s network(nieuw venster). This represents multiple failures to protect sensitive information in the span of a year, underlining why politicians must be careful. 

Chart showing 16% of Luxembourgish politicians have personal data exposed on the dark web

Luxembourg politicians have most passwords exposed per individual

Luxembourg has a relatively small parliament, but we still only found the official email addresses of 10 of its 60 members on the dark web (16%). However, Luxembourgish politicians have had a lot of passwords exposed and in plaintext — 38 to be exact — more than the entire Dutch parliament. However, this seems to be driven by one politician who had 29 of their passwords exposed in plaintext. While this is high and a major security vulnerability — each plaintext password is potentially a compromised account — it’s still nowhere near the worst offender we found in our investigation. That remains the French politician who had 138 passwords appear in plaintext on the dark web (their email appeared 137 times as well). 

Similar to other countries we’ve looked at, Luxembourg has had multiple government websites taken down due to DDoS attacks by Russian hackers. For one two-week stretch in 2024, from the end of March through the beginning of April, Russian hackers attacked websites(nieuw venster) for the ministries of finance and justice, Luxembourg’s official statistics agency, and its national health fund, taking them offline repeatedly(nieuw venster)

We all must be more secure online – but especially government officials

As the examples above show, state actors affiliated with China and Russia are persistently probing European countries for any cracks in their cybersecurity. Even if none of these exposed email addresses leaked confidential information, they could be added to attackers’ databases, giving them one more piece of information they can leverage. And if a politician reused an exposed password on an official account (and neglected to use two-factor authentication), that could directly lead to a massive leak. 

We can all learn from this. One of the biggest things to take away is you should never expose any personally identifiable information unnecessarily. Or, in this case, you should never use your professional email to create online accounts, especially if you’re a government official with access to secret information. Breaches happen all the time. If you create accounts using a government email, it’s only a matter of time before one will be leaked in a data breach. Then attackers instantly know they have information on a high-value target. 

Here are some other easy steps that everyone — but especially politicians and other high-profile or public figures — can take to strengthen their account security:

  • Use email aliases: Email aliases hide your real email address while still letting you send and receive emails. If you never share your real email address, it can’t be leaked in a data breach. You can also delete aliases that have been exposed in leaks without needing to reset all your other accounts.
  • Use a password manager: A password manager makes it easy for you to use a strong, random, and unique password for each of your accounts. It should also provide ways to securely share passwords, making it easier to avoid having them fall into the wrong hands. 
  • Use dark web monitoring services: Given how much trust we’re forced to give the companies we create accounts for, everyone should use some form of dark web monitoring to alert you if your information appears in these illegal marketplaces. This at least gives you a chance to update your email (or email alias) and password before anyone can exploit it.

Proton Pass can solve all of these problems. If you choose our Proton Pass Plus plan, you get:

  • Unlimited hide-my-email aliases
  • A password generator
  • Support for passkeys
  • A built-in two-factor authentication code generator
  • Pass Monitor, which alerts you if your Proton Mail email addresses or aliases appear on the dark web
  • Proton Sentinel, which defends your Proton Account against takeover attacks

Take control of your account security (and, if you’re a parliamentarian, help avert a national scandal) by signing up for a Proton Pass Plus plan today.

Bescherm uw wachtwoorden
Maak een gratis account

Gerelateerde artikelen

A cover image for a blog describing the next six months of Proton Pass development which shows a laptop screen with a Gantt chart
en
Take a look at the upcoming features and improvements coming to Proton Pass over the next several months.
Infostealers: What they are, how they work, and how to protect yourself
en
Discover insights about what infostealers are, where your stolen information goes, and ways to protect yourself.
Mockup of the Proton Pass app and text that reads "Pass Lifetime: Pay once, access forever"
en
Learn more about our exclusive Pass + SimpleLogin Lifetime offer. Pay once and enjoy premium password manager features for life.
A cover image for a blog announcing that Pass Plus will now include premium SimpleLogin features
en
We're changing the price of new Pass Plus subscriptions, which now includes access to SimpleLogin premium features.
Infinity symbol in purple with the words "Call for submissions" and "Proton Lifetime Fundraiser 7th Edition"
en
It’s time to choose the organizations we should support for the 2024 edition of our annual charity fundraiser.
A collage of images depicting the function of Suggesting mode for Docs in Proton Drive
en
  • Voor bedrijven
  • Productupdates
  • Proton Drive
Gather feedback, track changes, and more with Docs in Proton Drive, a secure alternative to Google Drive from the privacy experts at Proton.