Twitter suspended on Friday an account that posted links to sensitive personal data and documents stolen by hackers from hundreds of German public figures and politicians — from every political party but the far-right Alternative for Germany.
The exposed material included addresses, cellphone numbers and chat records, along with banking, credit card and other financial information, German news media said.
The breach, discovered by journalists on Thursday, affected politicians at all levels, including the European, German and state parliaments as well as municipal officials, said Martina Fietz, a spokeswoman for Chancellor Angela Merkel. She said the country's cyber-defense agency was investigating.
Interior Minister Horst Seehofer said an initial analysis suggests that the material was obtained from cloud services, email accounts or social networks. He said there was no indication that federal government or parliament computer systems were compromised.
Fietz told reporters that "it appears, at first sight, that no sensitive information and data are included in what was published, including regarding the chancellor."
The German news agency dpa reported that the information included a fax number and email address belonging to Merkel and several letters to and from the chancellor.
Cybersecurity analysts compared the hack in scale and affected population to that of prominent U.S. Democrats including Hillary Clinton presidential campaign workers and other Americans targeted by state-backed Russian hackers in 2015-2016.
"This hack clearly isn't about extortion or financially-motivated. This is about attempting to destabilise Germany society," British security expert Graham Cluley blogged.
Some experts cautioned journalists not to link to or publish the exposed information, saying it would serve the interests of hackers and hurt the victims.
Public broadcaster RBB said there appeared to be no method to what was posted via a Twitter account. However, security experts and journalists who examined the documents said multiple copies were posted on mirror sites, indicating a serious investment of energy and time.
Although the data reportedly include information such as internal party communications and in some cases personal financial records and credit card details — some of the data years old — RBB said there appeared to be no politically sensitive documents.
The Twitter account listed as located in Hamburg was taken offline at midday Friday after gaining about 17,000 followers. It had been active since mid-2017. A related blog was also suspended by Google.
A Twitter spokesperson would not comment other than to say the incident was under investigation. The spokesperson said the company recently updated its rules to prohibit the posting of "hacked material that contains private information, trade secrets or could put people in harm's way."
The links it posted led to information on politicians from all parties in parliament except Alternative for Germany that had been shared in daily batches before Christmas along with data on YouTubers and other public figures that media reports said included journalists, comedians and artists. The last post was on Dec. 28.
The head of Germany's IT security agency, Arne Schoenbohm, said authorities had been aware of individual cases in December but material was posted online on a large scale Thursday evening. He said the agency believes data on about 1,000 people were involved, and confirmed that one party in parliament wasn't affected — though he wouldn't name it.
Schoenbohm said "a high two-digit number of attacks" were very successful, with accounts infiltrated and data and documents extracted. His agency was still working to figure out how the attack started and who was behind it. He said authorities couldn't rule out fake data having been mixed in with genuine information in the leaked data.
Germany has seen mounting cyberattacks on government and parliament computer systems since 2014 in which Kremlin-backed hackers were suspected. Berlin has been a leading backer of sanctions against Russia over its aggression in Ukraine.
German officials didn't comment Friday on whether there were any indications foreign intelligence services were involved, citing the ongoing investigation.
Tom Kellermann, the chief cybersecurity officer of Carbon Black, was among analysts saying the hack had all the hallmarks of Russian state-backed hackers.
He said it made perfect sense that none of the targets in this hacking campaign was from Germany's far right, and that it appeared aimed at "undermining the German political process and essentially stoking fires of the mob."
"It's in Russia's best interests for the far-right politicians to be successful," Kellermann added.
Frank Bajak contributed to this report from Boston.