The dark web is full of UK MPs' leaked personal data

Union Jack flag and Big Ben, multiple exposure
(Image credit: Getty Images)

Over two-thirds of UK MPs have had their data leaked to the dark web. This counts for about 70% of politicians currently sitting in the House of Commons, including those who are supposed to look after the UK's cybersecurity.

This alarming data comes from a joint investigation between leading digital risk firm Constella Intelligence and privacy provider Proton. They recorded that a total of 443 out of 650 MPs have had some sort of personal details exposed in a hack or a breach, gathered from third-party services MPs have signed up to using their parliamentary email address.

British MPs proved to be far worse than European and French politicians when it comes to the security of their accounts, too. Less than half of the MEPs (44%) were affected and just 18% of the French National Assembly and Senate were reported to have their personal information leaked. Proton, a Swiss-based security software provider also behind one of the best VPN services on the market, now calls to the next UK government to finally "take cybersecurity seriously." 

"In today's digital landscape, robust cybersecurity practices are crucial, especially for those in positions of power. A single leaked password can lead to severe national security breaches, given the access that MPs possess," said Eamonn Maguire, Head of Account Security at Proton.

Researchers have found an alarming 216 plain text passwords associated with MPs’ breached accounts exposed in the dark web, up to 10 passwords exposed for just a single MP. Politicians' parliamentary emails were the biggest data involved in breaches, exposed 2,110 times on the dark web. While breached MPs faced exposure 4.7 times on average, the most frequently targeted suffered up to 30 breaches. 

These numbers are concerning as leaked emails and passwords can act as a master key to people's online accounts. Criminals use the tactic of "credential stuffing" to enter thousands of stolen passwords and email addresses across various platforms, exploiting people's tendency to use the same passwords for different accounts.

Social media profiles were also affected. Instagram profiles were breached 16 times, LinkedIn profiles 117 times, X handles 21 times, and Facebook accounts 21 times. This is especially dangerous as social media platforms contain a treasure of personal information.

Such staggering numbers aren't so surprising, though. Both organizations and individuals have been increasingly the target of cyberattacks and data breaches. In January 2024, the "Mother of all data breaches" saw 12 TB of data about 26 billion records leaked. There are reports of new data breaches almost daily now, with the latest involving 25,000 BBC employees

The risk is high for many, but evermore so for people in a position of power, like politicians, where a leak could become a matter of national security—especially, in a period where cyberwarfare is on the rise.

On this point, Maguire said: "Vigilance is essential for anyone in the public eye to safeguard both personal and national security, and we call on the new government after the General Election to take cybersecurity seriously, and for all MPs to adopt better account security practices."

Everyone can be a target

It's not just a concern for MPs, journalists, or other influential figures—everyone can be a target. The aims might be different, but the means to be involved in a hack don't change.

"Many people underestimate their vulnerability, but the reality is that everyone is a potential target," said Maguire.

This is why Proton is calling for MPs—but this can be extended to all of us—to take some steps to make sure online accounts are as secure as they can be.

As a rule of thumb, Proton suggests MPs avoid signing up for third-party services using their parliamentary email addresses. 

Using a reliable password manager tool is also beneficial to help you find strong passwords and remember them—Proton has its own, Proton Pass, free of cost. Email aliases are also handy for masking your real email accounts when signing up, and signing up for data alert software will notify you every time your details are leaked. 

Chiara Castro
Senior Staff Writer

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life—wherever cybersecurity, markets and politics tangle up. She mainly writes news, interviews and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar Pro, TechRadar and Tom’s Guide. Got a story, tip-off or something tech-interesting to say? Reach out to