Crashtest Security Blog

How all organisations can learn from the hacking attack on politicians & public figures

Jan 15, 2019 8:38:00 AM / by Leonard Basse


Politicians seem to enjoy the new ways of communication they can have through the internet. Communication is no longer a one way street from politicians to the public but more of a town hall meeting where everyone is invited to share their opinion. Of course this is mostly good, but this virtual proximity doesn’t come without downside risk.

As the recent hacking attack on german politicians, artists and journalists shows, hackers are able to trick unknown users to gain access to their accounts and therefore their personal data.

Since there has been a lot of attention from the media, we wanted to summarise, what we can learn from this event.


First of all, what happened?

Allegedly, a 20 year-old student from Homberg, Germany hacked social media accounts, stole personal data of approx. 1000 people (mainly politicians) and published it via Twitter. By hacking the account of a famous YouTuber, the attacker was able to share malicious links through his profile.

The main motive of the alleged hacker is said to be attention seeking, as he also „mistakenly“ dropped hints on how he extracted data or got into people’s accounts. Another indicator for this is, that mostly „only“ contact data was published instead of more sensible data.


What happens now?

The lack of security in Germany’s IT landscape has been shown in public media once again. Many politicians are pleading for laws that enforce 2-Factor-Authentication and strong passwords to be used by major software companies.

“We are not securing data, we are securing people.” — Katarina Barley

But the problem is of human nature. “Not every politician does this”, said Katarina Barley (SPD) about the method of Two Factor Authentication that she has already been using. In the Talk Show “Maybrit Illner”, she also pointed out that security has been seen as a “progression brake” for too long and the issue not about securing data but rather about securing people.


What can we learn from it?

Generally, 2-Factor-Authentication and strong passwords are a must and should therefore be mandatory for every company dealing with sensible data. But this has been known and should have already been implemented.

The bigger problem is the human side of the hacking attack. If employees — even highly educated government members — aren’t taught how to use social media or other web services securely, no software or encryption can prevent a data breach.

Data security always turns into a public issue once politicians or other public figures are attacked, but any company dealing with important customer or business data can be the victim of such an attack and in these cases it can get extremely costly for the companies involved.

Because this is an issue affecting every single one of us we want to give you a few points to remember when it comes to your IT security.

  • Establish 2-Factor-Authentication in your organisation!
  • Use only strong password (a password manager might help)!

But most importantly:

  • Educate your colleagues, friends and customers on security issues! After all, they are all part of your network…

First published on:


Topics: SecurityManagement

Leonard Basse

Written by Leonard Basse

I write about IT Security news, practices and events.

For more information on all topics around continuous security, visit our continuous security page:

Continuous Security Topics