A 20-year-old hacker has been using Twitter to leak private details belonging to hundreds of German politicians, celebrities and public figures, including German Chancellor Angela Merkel.
The Twitter Dump
Over several weeks last December, a Twitter account run by an individual calling themselves “G0d”, later identified as a 20-year-old German student, posted links to the sensitive information, which included email addresses, phone numbers, and personal chats. The data dump was finally noticed by a German publican on January 3rd.
The account, which was quickly shut down, had more than 18,000 followers and described its activities as “security researching” and “satire and irony”. Google and Bitly also pulled the plug on the blogs and links the hacker had used to host files containing the information.
German authorities are still investigating the data dump, which remains online over dozens of still-functioning mirror links. Fortunately, no sensitive material on Chancellor Merkel has been released.
A government spokeswoman, Martina Fietz, said the leaks affected politicians of all levels including those in the European, national and regional parliaments. “The German government is taking this incident very seriously,” she said, adding that faked documents could be among the cache.
A 20-year-old man has confessed to the hacking, saying he took advantage of passwords as weak as “Iloveyou” and “1234” to hack into online accounts of hundreds of lawmakers and personalities whose political stances he disliked, ruffling Berlin’s political establishment and raising questions about data security in Europe’s leading economy.
Working from his computer in his parents’ home, the young man used relatively simple techniques to hack into successive accounts, the authorities said.
The attack raised new questions about whether the government had structures in place to adequately help users safeguard their computers and sensitive personal information.
German officials are looking into whether it makes sense to further tighten the country’s already strict privacy laws, or requiring those software providers and companies running internet platforms to respond more swiftly to requests for data to be taken down.