German Data Breach

By Bunni Smith

The German government was subject to a massive breach of data on the fourth of January this year, with personal information of Bundestag members from all parties (with the exception of the Alternative for Germany) being posted to Twitter, including phone numbers, credit card information, and even private conversations with family members. The German news station RBB maintains that no politically sensitive documents were published, however.

Links to documents containing sensitive information were posted to Twitter during early December, under the guise of an advent calendar. There is no clear reason for why it took so long for the data breach to come to light. The account responsible for these postings, @_0rbit, described itself as an “artist” with interests in “security research” as well as “satire and irony”, says The Local. If convicted, he could face up to a three year prison sentence.

As of the following Tuesday, the German authorities have identified and arrested a twenty year old man who claims full responsibility for the attack, saying he acted alone and in response to “statements made by the politicians, journalists, and public figures concerned.” As many as a thousand Bundestag members have been affected by the breach. Police have also questioned 19-year-old Jan Schuerlein, an IT worker who had contact with the @_0rbit account.

This raises the question on whether Germany should increase security in their digital infrastructure. According to The Guardian, the factor that made the leak easiest was the amount of bad passwords. “I was shocked at how simple most passwords were: ILoveYou, 123. A whole array of really simple things.” says interior minister Horst Seehofer.

Some politicians are going as far as deleting their social media accounts, such as leader of the Greens party, Robert Habeck, who deleted his Twitter and says he is also terminating his Facebook- another platform on which private data was spread. Facebook has already been facing backlash about potentially selling its users data to large corporations- now it faces the issue of having private data exchanged on its platform for the purposes of defamation and doxxing.

In an ever-increasingly digital world, it’s important to remember that anyone can potentially be subject to having their personal information showcased on the internet- provided they don’t take the necessary steps to protect themselves. Whether or not the German government will take these steps remains to be seen.