all-in-one privacy solution":["Proton Unlimited è una soluzione completa per la privacy"],"Black Friday":["Black Friday"],"No ads. Privacy by default.":["Niente pubblicità. La prima regola è la privacy."],"People before profits":["Le persone prima dei profitti"],"Security through transparency":["Più sicurezza grazie alla trasparenza"],"The best Proton Mail ${ BLACK_FRIDAY } deals":["Le migliori offerte di Proton Mail per il ${ BLACK_FRIDAY }"],"The world’s only community- supported email service":["L'unico servizio di posta elettronica al mondo supportato dalla community"]},"specialoffer:limited":{"${ hours } hour":["${ hours } ora","${ hours } ore"],"${ hoursLeft }, ${ minutesLeft } and ${ secondsLeft } left":["Restano ${ hoursLeft }, ${ minutesLeft } e ${ secondsLeft }"],"${ minutes } minute":["${ minutes } minuto","${ minutes } minuti"],"${ seconds } second":["${ seconds } secondo","${ seconds } secondi"],"Limited time offer":["Offerta a tempo limitato"]},"specialoffer:listitem":{"Create multiple addresses":["Crea indirizzi multipli"],"Hide-my-email aliases":["Alias hide-my-email"],"Quickly unsubscribe from newsletters":["Annulla rapidamente l'iscrizione alle newsletter"],"Use your own domain name":["Utilizza il tuo nome di dominio"]},"specialoffer:logos":{"As featured in":["Ne hanno parlato"]},"specialoffer:metadescription":{"Get an encrypted email that protects your privacy":["Scegli un'email cifrata per proteggere la tua privacy"]},"specialoffer:metatitle":{"Proton Mail Black Friday Sale - Up to 40% off":["Offerta Black Friday di Proton Mail - sconti fino al 40%"]},"specialoffer:newmetadescription":{"Get up to 40% off Proton Mail subscriptions this Black Friday. Find great deals on our secure end-to-end encrypted email plans.":["Per questo Black Friday ti offriamo fino al 40% di sconto sugli abbonamenti a Proton Mail. Scopri le straordinarie offerte sui piani di abbonamento alla nostra email dotata di crittografia end-to-end."]},"specialoffer:newmetatitle":{"Proton Mail Black Friday sale | Up to 40% off secure email":["Offerta di Proton Mail per il Black Friday | Fino al 40% di sconto sulla nostra email sicura"]},"specialoffer:note":{"* Billed at ${ TOTAL_SUM } for the first year":["* Addebito di ${ TOTAL_SUM } per il primo anno"],"*Billed at ${ TOTAL_SUM } for the first 2 years":["*Addebito di ${ TOTAL_SUM } per i primi 2 anni"],"30-day money-back guarantee":["Garanzia soddisfatti o rimborsati di 30 giorni"],"Billed at ${ TOTAL_SUM } for the first 2 years":["Addebito di ${ TOTAL_SUM } per i primi 2 anni"],"Billed at ${ TOTAL_SUM } for the first year":["Addebito di ${ TOTAL_SUM } per il primo anno"],"You save ${ SAVE_SUM }":["Risparmi ${ SAVE_SUM }"]},"specialoffer:off":{"${ PERCENT_OFF } off":["−${ PERCENT_OFF }"]},"specialoffer:testimonial":{"I love my ProtonMail":["Adoro ProtonMail"],"My favorite email service":["Il mio servizio email preferito"],"Thanks Proton for keeping us all safe in the complicated internet universe.":["Grazie Proton perché ci proteggi nell'universo complicato di internet."],"You get what you pay for. In the case of big tech, if you pay nothing, you get used. I quit using Gmail and switched to @ProtonMail":["Ottieni quello per cui hai pagato. Nel caso di big tech, se non paghi niente, vieni usato. Ho smesso di usare Gmail e sono passata a @ProtonMail"]},"specialoffer:time":{"Days":["Giorni"],"Hours":["Ore"],"Min":["Min"]},"specialoffer:title":{"And much more":["E molto altro"],"Make your inbox yours":["Personalizza la tua casella di posta"],"Safe from trackers":["Protezione dai tracker"],"Stay organized":["Mantieni tutto organizzato"],"Black Friday email deals":["Offerte email del Black Friday"],"Don’t just take our word for it":["Non lo diciamo solo noi"],"Our story":["La nostra storia"],"Transfer your data from Google in one click":["Trasferisci i tuoi dati da Google con un solo clic"]},"specialoffer:tooltip":{"Access blocked content and browse privately. Includes ${ TOTAL_VPN_SERVERS }+ servers in ${ TOTAL_VPN_COUNTRIES }+ countries, connect up to 10 devices, access worldwide streaming services, malware and ad-blocker, and more.":["Accedi a contenuti bloccati e naviga in modalità privata. Include oltre ${ TOTAL_VPN_SERVERS } server in più di ${ TOTAL_VPN_COUNTRIES } Paesi, possibilità di connettere fino a 10 dispositivi, accesso a servizi di streaming in tutto il mondo, anti-malware, ad-blocker e altro ancora."],"Easily share your calendar with your family, friends or colleagues, and view external calendars.":["Condividi facilmente il tuo calendario con familiari, amici o colleghi e visualizza calendari esterni."],"Includes support for 1 custom email domain, 10 email addresses, 10 hide-my-email aliases, calendar sharing, and more.":["Include il supporto per 1 dominio email personalizzato, 10 indirizzi email, 10 alias hide-my-email, condivisione del calendario e altro ancora."],"Includes support for 3 custom email domains, 15 email addresses, unlimited hide-my-email aliases, calendar sharing, and more.":["Include il supporto per 3 domini email personalizzati, 15 indirizzi email, alias hide-my-email illimitati, condivisione del calendario e altro ancora."],"Manage up to 25 calendars, mobile apps, secured with end-to-end encryption, 1-click calendar import from Google, and more.":["Gestisci fino a 25 calendari, app per dispositivi mobili, protezione con la crittografia end-to-end, importazione del calendario da Google in un solo clic e altro ancora."]},"Status banner":{"Learn more":["Scopri di più"],"Please note that at the moment we are experiencing issues with the ${ issues[0] } service.":["Attenzione: stiamo riscontrando dei problemi con il servizio di ${ issues[0] }"],"We are experiencing issues with one or more services at the moment.":["Stiamo riscontrando dei problemi con uno o più servizi."]},"Status Banner":{"At the moment we are experiencing issues with the Proton VPN service":["Al momento abbiamo dei problemi con il servizio di Proton VPN"],"Learn more":["Scopri di più"]},"steps":{"Step":["Passaggio"]},"suggestions":{"Suggestions":["Suggerimenti"]},"Support":{"Sub category":["Sottocategoria","Sottocategorie"]},"Support article":{"${ readingTime } min":["${ readingTime } minuto","${ readingTime } minuti"],"Category":["Categoria","Categorie"],"Didn’t find what you were looking for?":["Non hai trovato quello che cercavi?"],"General contact":["Contatti generali"],"Get help":["Ottieni supporto"],"Legal contact":["Contatti legali"],"Media contact":["Contatti per la stampa"],"Partnerships contact":["Contatti per collaborazioni"],"Reading":["Lettura"]},"Support Form Platform option":{"VPN for Android TV":["VPN per Android TV"],"VPN for Chromebook":["VPN per Chromebook"]},"Support troubleshooting":{"App version":["Versione dell'app"],"Browser":["Browser"],"Check if this helps":["Verifica se questo ti è utile"],"Choose a product":["Scegli un prodotto"],"Did this solve your issue?":["Ha risolto il tuo problema?"],"Faster assistance is just a few clicks away":["Ottieni assistenza più velocemente con pochi clic"],"How can we help?":["Come possiamo aiutarti?"],"No, contact support":["No, contatta il supporto"],"Please fill out one field after another":["Compila un campo dopo l'altro"],"Please make your selections":["Fai la tua selezione"],"Proton account":["Account Proton"],"Proton for Business":["Proton for Business"],"Thank you for your feedback":["Grazie per il feedback"],"What can we help with?":["In cosa possiamo esserti di aiuto?"],"Yes":["Sì"]},"support_modal_search_query":{"Search query":["Query di ricerca"]},"support_search_button":{"Search":["Cerca"]},"support_search_i_am_looking_for":{"I'm looking for":["Sto cercando"]},"SupportForm":{"For a faster resolution, please report the issue from the Bridge app: Help > Report a problem.":["Per una risoluzione più rapida, segnala il problema dall'app Bridge: Aiuto > Segnala un problema."],"Information":["Informazioni"]},"SupportForm:option":{"Account Security":["Sicurezza dell'account"],"Contacts":["Contatti"],"Custom email domain":["Dominio email personalizzato"],"Email delivery and Spam":["Consegna delle email e spam"],"Encryption":["Crittografia"],"Login and password":["Login e password"],"Merge aliases and accounts":["Unione di alias e account"],"Migrate to Proton":["Migrazione a Proton"],"Notifications":["Notifiche"],"Other":["Altro"],"Plans and billing":["Piani e fatturazione"],"Proton for Business":["Proton for Business"],"Sign up":["Iscrizione"],"Storage":["Archiviazione"],"Users, addresses, and identities":["Utenti, indirizzi e identità"]},"SupportForm:optionIntro":{"Select a topic":["Seleziona un argomento"]},"swiss_baseed_feature":{"Swiss based":["Con sede in Svizzera"]},"Testimonial":{"Awards":["Premi"],"Customers":["Clienti"],"Featured":["In evidenza"],"Go to testimonial source":["Vai alle testimonianze"],"Open source of award":["Apri la fonte del premio"],"Open source of quote":["Apri la fonte della citazione"],"Reviews":["Recensioni"],"Videos":["Video"],"Watch on TikTok":["Guarda su TikTok"],"Watch on YouTube":["Guarda su YouTube"]},"TestimonialCategory":{"Awards":["Premi"],"Customers":["Clienti"],"Featured":["In evidenza"],"Media":["Media"],"Reviews":["Recensioni"],"Videos":["Video"]},"Text":{"If you need help, check out our ${ supportLink }.":["Se ti serve assistenza dai un’occhiata alla nostra ${ supportLink }."],"The page you’re looking for might have been removed, or it could be an\nold link.":["La pagina che stai cercando potrebbe essere stata rimossa, o il link potrebbe essere vecchio."],"Your question may already have an answer in our knowledge base:":["La risposta alla tua domanda potrebbe essere già disponibile nella nostra base di conoscenza:"]},"Title":{"On this page":["In questa pagina"],"Related articles":["Articoli correlati"],"Share ${ thisPage }":["Condividi ${ thisPage }"],"Switch to Proton Pass - Contact us":["Passa a Proton Pass - Contattaci"],"Thank you!":["Grazie"],"this page":["questa pagina"]},"Tooltip":{"More information":["Ulteriori informazioni"]},"tooltip_vpn":{"Access blocked content and browse privately. Includes ${ TOTAL_VPN_SERVERS }+ servers in ${ TOTAL_VPN_COUNTRIES }+ countries, highest VPN speed, ${ TOTAL_VPN_CONNECTIONS } VPN connections, worldwide streaming services, malware and ad-blocker, and more.":["Accedi a contenuti bloccati e naviga in modalità privata. Include oltre ${ TOTAL_VPN_SERVERS } server in più di ${ TOTAL_VPN_COUNTRIES } Paesi, VPN ad altissima velocità, ${ TOTAL_VPN_CONNECTIONS } connessioni VPN, servizi di streaming in tutto il mondo, anti-malware, ad-blocker e altro ancora."]},"wallet_signup_2024:Action":{"Get Proton Wallet":["Ottieni Proton Wallet"]},"wallet_signup_2024:Homepage hero product link title":{"Wallet":["Wallet"]},"wallet_signup_2024:Homepage product navigation bar":{"Wallet":["Wallet"]},"wallet_signup_2024:menu item":{"Bitcoin guide":["Guida Bitcoin"],"Proton Wallet news":["Novità di Proton Wallet"],"Proton Wallet support":["Supporto di Proton Wallet"]},"wallet_signup_2024:Pricing":{"Includes everything in Proton Unlimited and":["Include tutte le funzionalità di Proton Unlimited e"],"Limited availability":["Disponibilità limitata"],"The easiest way to securely own, send, and receive Bitcoin":["Il modo più semplice di possedere, inviare e ricevere Bitcoin in modo sicuro"]},"wallet_signup_2024:ProductRange":{"Discover Proton Wallet":["Scopri Proton Wallet"],"Store and transact Bitcoin privately with an encrypted self-custody wallet.":["Conserva ed esegui transazioni in Bitcoin in modo privato con un portafoglio a custodia autonoma crittografato."]},"wallet_signup_2024:wallet bitcoin":{"Learn about Bitcoin, the Internet's value network.":["Scopri il Bitcoin, la rete di valore di Internet."]},"wallet_signup_2024:wallet overview":{"Ensure you're always in control of your Bitcoin.":["Assicurati di avere sempre il controllo dei tuoi Bitcoin."]},"wallet_signup_2024:wallet security":{"The encrypted, open-source wallet that puts you in control.":["Il portafoglio crittografato e open source che ti dà il controllo."]}}},"base":"blog","cdn":{"enabledForAssets":true,"enabledForImages":true,"url":"https://pmecdn.protonweb.com/"},"unleashApi":"https://account.proton.me/api"};
window.frameworkContext = frameworkContext;
const context = frameworkContext.base === '' ? '' : `${frameworkContext.base}/`;
window.__toAssetUrl = (filename) => {
if (frameworkContext.cdn !== undefined && frameworkContext.cdn.enabledForAssets === true) {
return `${frameworkContext.cdn.url}${context}${filename}`;
} else {
return `/${context}${filename}`;
}
};
})();
Relatively few Spanish and Italian politicians’ details exposed online | Proton
Far fewer Italian and Spanish politicians have had personal details leaked onto the dark web than their European counterparts. We found the official emails of 91 out of 609 Italian politicians (nearly 15%) and only 39 out of 615 Spanish politicians (roughly 6%) on dark web marketplaces where such information is illegally bought and sold.
We worked with Constella Intelligence(nuova finestra) on this investigation, which is part of our ongoing series examining the cybersecurity practices of lawmakers worldwide. Our original report found that roughly 44% of EU MEPs, 18% of French deputies and senators, 68% of UK MPs, and 20% of US political staffers had their email addresses and other sensitive details exposed on the dark web, all of which surpass the numbers out of Italy and Spain.
The email addresses of Italian and Spanish politicians are publicly available, so the fact that they’re being sold on the dark web isn’t a security failure, nor does it suggest that the Italian or Spanish parliaments were hacked. The email addresses and other sensitive data we found were typically leaked in a breach by common service providers, like Adobe, Dailymotion, Dropbox, LinkedIn, or news services (or, in some cases, dating websites).
The fact that politicians used their official email for these accounts is where the security failure occurred, as it makes it easy for attackers to identify the accounts of high-value targets. Additionally, 197 passwords associated with Italian and Spanish politicians were exposed in plaintext. If any of these politicians reused an exposed password to secure an official account, it could also be at risk.
We explore the Italian and Spanish leaks in greater detail below and explain what their potential ramifications could be.
Politicians’ data exposed
We found multiple types of sensitive information linked to politicians’ emails during this investigation, including dates of birth, residence addresses, and social media accounts. Attackers can use this information to create convincing phishing attacks targeting the person whose data leaked or their staffers and colleagues.
Number of email addresses searched
Number of breached email addresses
Number of passwords exposed
Number of passwords exposed in plaintext
Italian Parliament
609
91
195
188
Spanish Parliament
615
39
14
9
Italian politicians’ email addresses are safe, passwords are not
Italian politicians had their emails exposed a total of 402 times on the dark web (this includes email addresses that appear multiple times). Meanwhile, British MPs had their email addresses exposed a total of 2,110 times — over five times more — even though the British House of Commons has roughly the same number of members as the Italian Parliament.
As in our previous investigation, we can see a disparity in the number of breaches between the two houses of the Italian Parliament. We found at least an email address for 73 of the 400 members of the Assembly (18.2%) and only 18 of the 209 members of the Senate (8.6%). Interestingly, this is a reversal of the trend we found with the French Parliament, where 8.8% of the National Assembly had at least their email address exposed compared to 33% of the Senate.
Also, Italian politicians have the most passwords exposed in plaintext in Europe (188) despite only having 195 passwords exposed overall and the fewest members of any parliament. This suggests that at least a few Italian politicians use dangerously outdated or untrustworthy websites.
These exposed email addresses and passwords are important because they are a vulnerability that attackers could exploit. The internet has become a new front in geopolitics, and Italian politicians and government agencies have been targeted repeatedly, particularly by Russian state-backed actors. In May 2023, the pro-Russian group Killnet claimed responsibility for DDoS attacks(nuova finestra) on the websites of Italy’s parliament, military, National Institute of Health, and other government agencies. In August 2023, the pro-Russian group NoName057(16) committed DDoS attacks(nuova finestra) on many of Italy’s major banks. In May 2024, NoName057(16) again took credit for attacks(nuova finestra) on the websites of PM Giorgia Meloni, the Ministry of Infrastructure, and the Ministry of Enterprise.
These attacks show that Russian actors will be interested in testing and embarrassing Italian officials as long as they offer support to Ukraine.
Spanish politicians have the fewest leaks so far
Only 6.3% of Spanish lawmakers had their details exposed on the dark web, the lowest percentage of all the politicians we’ve looked at. Only 29 of the 350 members of the Spanish Congress and a minuscule 10 of the 265 members of the Senate had their details exposed. Even more impressive, we only found nine passwords exposed in plaintext.
We reached out to a Spanish cybersecurity expert to see if there was an explanation for Spain’s outlier performance. Ainoa Guillén Gonzalez, who is based in Madrid and the co-founder of SyndiK8, a cybercrime and threat intelligence research firm, was somewhat surprised by the results, but thinks Spanish politicians learned to prioritize their cybersecurity after observing what happened to labor and social movements that were organized online. “In the early 2010s in Spain, many strikes and protests were organized using Twitter, using social media, using email. Spanish politicians saw this and they also saw how the police and companies monitored social media in an attempt to control these movements. This taught the politicians very quickly the importance of good cybersecurity. And then later on, the Pegasus hacking scandal(nuova finestra) reinforced these lessons all over again.”
In 2022, cybersecurity experts discovered the phones of 63 people involved in the Catalan independence movement had been infected with Pegasus spyware(nuova finestra) (and two individuals had been targeted), including the then-regional Catalan president, Pere Aragonès. A short while later, the Spanish government discovered the prime minister and defense minister(nuova finestra) also had Pegasus malware on their devices. It later came to light that this surveillance had gone on for years, between 2017 and 2020, and at least 18 of the Catalans had been surveilled with judicial approval. As a result, the Spanish intelligence chief resigned(nuova finestra). In 2023, the investigation was closed(nuova finestra) due to Israel’s unwillingness to cooperate, but in 2024, Spain’s highest court ordered prosecutors to reopen the case(nuova finestra) after receiving new information from French officials (French President Emmanuel Macron was allegedly also targeted).
It’s hard to imagine these events didn’t have a massive impact on Spanish politician’s attitudes toward cybersecurity. However, French politicians likely saw the same kind of surveillance of protests, and they had far more information exposed. In the US, the hack of John Podesta’s emails(nuova finestra), Hillary Clinton’s campaign manager during the 2016 presidential election, is arguably the most famous hack of recent memory, and 20% of US staffers’ email addresses still appeared on the dark web.
We should all be concerned about politicians’ breaches
Even if none of the accounts linked to the breaches listed above give attackers access to state secrets, each one is still a real problem that policymakers should take seriously. These accounts could reveal politicians’ private communications or other personal information, like schedules or social networks, that attackers could use for phishing attacks or blackmail.
If a politician reused the same password on multiple accounts and their password was exposed in a breach (and failed to use two-factor authentication(nuova finestra)), that could potentially put confidential information at risk.
How we can all be more secure online
Cybersecurity is a constantly shifting battle. New defenses lead to new attacks that require experts to develop new defenses again. Still, there are simple steps we can all take to be more safe online. In this case, the first step is the most obvious — No one should use their professional email to create online accounts, especially government officials who have access to secret information. Breaches happen with frightening regularity, and if you use a government email, attackers instantly know they have information on a high-value target.
Here are some straightforward steps that everyone — but especially politicians and other high-profile or public figures — should take to strengthen their account security:
Use email aliases: Email aliases mask the true owner of an account, preventing your real email from being exposed in a breach. You can quickly delete aliases that have been compromised without affecting your primary email or other aliases.
Use a password manager: While a password manager can’t improve the security of the services you sign up for, it can ensure that each of your accounts has a strong, random, and unique password. A good password manager also simplifies password sharing and management, reducing the risk of exposing passwords by writing them down.
Use dark web monitoring services: Even if you follow all cybersecurity best practices, your information can still be exposed through a company’s data breach. Dark web monitoring alerts you if your information appears online, allowing you to update your email (or better yet, your email alias) and password before attackers can exploit it.
Proton Pass(nuova finestra) can solve all of these problems. If you choose our Proton Pass Plus plan, you get:
Take control of your account security (and, if you’re a parliamentarian, help avert a national scandal) by signing up for a Proton Pass Plus plan today.
As students build their lives online, Proton makes it safe for them to access
educational resources, communicate with each other, and share knowledge online
safely.