The information includes email addresses, mobile phone numbers, photos of IDs and personal chat transcripts, according to an initial review by Bloomberg News on Friday. The data was leaked over the past weeks via a Twitter account called “G0d” that identifies itself as based in Hamburg and describes itself using the words “security researching,” “artist” and “satire & irony.”
It looks like the hackers got the passwords to Facebook accounts and Twitter profiles and worked their way up from there, said Simon Hegelich, a political scientist at Munich’s Technical University who has studied the manipulation of social networks.
“It’s a very elaborately done social engineering attack,” he said Friday by phone. “It’s a lot of data that’s been dumped.” The German government is taking the attack “very seriously,” spokeswoman Martina Fietz said.
The country has seen a range of intrusions in recent years. Hackers tried to infiltrate computers of think tanks associated with the governing CDU and SPD parties in 2017. A year earlier, scammers set up a fake server in Latvia to flood German lawmakers with phishing emails.
In 2015, attackers breached the network of the Bundestag parliament and stole 16 gigabytes of data. Security firm Trend Micro has linked the Bundestag attack and others to Pawn Storm, a group with ties to Russia — whose government has repeatedly denied it’s hacking foreign powers.