A recent cybersecurity report reveals that the personal information of nearly half of the European Parliament members (44%) and over two-thirds (68%) of British MPs has been found on the dark web.
Registered for Online Accounts
The data breach occurred when lawmakers registered for online accounts using their official emails and provided personal details, according to findings published by cybersecurity firms Proton and Constella Intelligence and shared by ESET.
The breach highlights how cybercriminals exploited a compromised third-party provider to access and sell sensitive information on dark web forums, where it became accessible to other malicious actors, according to Ziare.
“Unfortunately, this situation isn’t limited to politicians or public figures,” said Phil Muncaster, an ESET cybersecurity expert. “Anyone can be affected—even those who follow security guidelines closely.”
700 Included Passwords
The study estimates that around 40% of email addresses belonging to MPs in Europe, the UK, and France were exposed.
Roughly 700 of these compromised emails included passwords stored in plain text, accessible on the dark web.
Combined with other publicly available details, such as birthdates and social media profiles, this information provides a rich source of data for identity theft, phishing attacks, and other forms of cyber fraud.
Data breaches at third-party sites are among the primary ways personal information ends up on the dark web. In the U.S. alone, 2023 saw a record 3,200 breaches, impacting over 353 million users.
Cybercriminals use various techniques to steal information, including phishing schemes, brute force attacks, and info-stealing malware disguised as legitimate apps or downloads.
Once personal information is listed on the dark web, criminals may use it to access banking accounts, craft targeted phishing emails, or impersonate individuals to scam their contacts.
Cybersecurity experts recommend several protective steps: change all exposed passwords, enable two-factor authentication (2FA), and monitor financial accounts for unusual activity.
Services like Google and Mozilla now alert users when passwords are compromised, and platforms like “Have I Been Pwned” allow users to check if their data has been breached.