Hundreds of German politicians, including Chancellor Angela Merkel, have had personal details stolen and published online.
Contacts, private chats and financial details were put out on Twitter that belong to figures from every political party except the far-right AfD.
Data from celebrities and journalists were also leaked.
It is unclear who was behind the attack, which emerged on Twitter in the style of an advent calendar last month.
German Interior Minister Horst Seehofer said the authorities were working hard to find the perpetrator. There was, he said in a statement, as yet no evidence that German parliamentary or government systems had been compromised.
The leak appears to have originated on a Twitter account operated from Hamburg and the authorities in the north German city say they are now working with the Irish Data Protection Commissioner to stop the spread of German politicians’ data.
As Twitter’s European headquarters are located in Dublin, the leak falls under the remit of the Irish data protection authority, national broadcaster RTE reports.
How extensive was the attack?
The true extent of damage caused by the leak is not yet known although Justice Minister Katarina Barley said it was a “serious attack”.
“The people behind this want to damage confidence in our democracy and institutions,” she said.
A government spokeswoman said no sensitive data from the chancellor’s office had been published. MPs, Euro MPs and MPs from state parliaments were affected, said Martina Fietz.
She said the government was not yet certain that the data had been stolen by cyber-hackers. Some reports suggested a lone leaker might have had access to sensitive data through their work.
Although nothing politically explosive is known to have been leaked, the sheer volume of personal data involved suggests the consequences could be considerable, says Michael Götschenberg, a reporter for German broadcaster RBB, who researched the attack.
The now-suspended Twitter account, identified by German media as @_0rbit, was followed by more than 17,000 people.
Although documents had been posted on the account from 1 December to 28 December, it was not until Thursday evening that officials became aware of the theft.
Bild newspaper said all the data stolen in the attack dated back to before October 2018 but it was not clear when it began.
How was the hack carried out?
Interior Minister Seehofer said preliminary analysis showed the data had been obtained through “wrongful use of log-in information for cloud services, email accounts or social networks”.
A cyber analyst told the BBC there was speculation that hackers might have exploited weaknesses in email software to get hold of passwords that those targeted had also used on social media accounts.
Data was published in Advent calendar-style daily releases on Twitter. The first “doors” at the start of December featured TV presenters, then rappers, and from 20 December it focused on politicians.
Who exactly was targeted?
National and local political figures as well as some TV personalities had their details stolen:
- Chancellor Angela Merkel: her email address and several letters to and from the chancellor appear to have been published
- The main parliamentary groups including the ruling centre-right and centre-left parties, as well as The Greens, left-wing Die Linke and FDP. Only AfD appears to have escaped
- Greens leader Robert Habeck, who had private chats with family members and credit card details posted online
- Journalists from public broadcasters ARD and ZDF as well as TV satirist Jan Böhmermann, rapper Marteria and rap group K.I.Z, reports say
- Another TV satirist, Christian Ehring, is said to have had 3.4 gigabytes of data stolen and posted online, including holiday photos. Last year he won a court case brought by AfD leader Alice Weidel, who complained when he called her a “slut” on his TV show.
- Centre-left SPD MP Florian Post said he felt “quite shocked” by the leak of account statements and other details online, but he added that at least one file that had been posted was fake.
Who was behind the attack?
Immediate suspicion fell on right-wing groups in Germany as well as Russia.
German cyber-security analyst Sven Herpig said Russia was a suspect, first because of the method used but also because Germany was facing four state elections in 2019 as well as elections to the European Parliament.
However, the fact that no right-wing politicians were targeted while prominent figures who had criticised them had been, suggested domestic right-wingers may also have been responsible, he told the BBC.
Russia has been accused of cyber-attacks in Germany before.
In 2015, data was stolen from computers in the Bundestag. And last year the government’s IT network came under attack amid reports that Russian hackers were also to blame.
UK-based expert Graham Cluley said the breadth of the latest attack suggested it was a co-ordinated effort involving a determined group over many months.
“This hack clearly isn’t about extortion or financially motivated. This is about attempting to destabilise German society,” he told the BBC.