ProPrivacy is reader supported and sometimes receives a commission when you make purchases using links on this site.

German hacker behind largest data breach in German history was self taught

German data protection

A 20-year-old German man was arrested this week in connection with the largest data breach in German history. 

The unnamed hacker, who goes by the now-suspended Twitter handle @_0rbit, confessed to orchestrating the attack which targeted approximately 1,000 German political leaders, celebrities, and journalists. 

The attack exposed a sizeable cache of the victims’ personal information, including private messages, personal photographs, credit card data, phone numbers, and private addresses. 

Though the hacker’s political affiliation is not apparent at this time, nearly all German political parties were affected, including Chancellor Angela Merkel and her Christian Democratic Union. The only political party that appeared to be spared was the far-right Alternative for Germany (AfD) party. At present, it's unknown whether this was intentional.

According to the suspect’s confession, his only motive was his displeasure at statements made by the public figures he targeted in the data breach.

The hacker leaked the data on his Twitter feed on a daily basis throughout December, in the style of an advent calendar. The Twitter account had over 18,000 followers before being suspended last week. According to the hacker’s confession, he acted alone and had gathered the information over an extended period of time before exposing the data on Twitter. 

One rather alarming detail about the operation was that the hacker lacked formal IT training. Instead, he taught himself the hacking methods he used in the attack using resources he found online. The fact that such a sophisticated attack on high-profile targets could be performed by a single, self-taught individual will likely alarm cyber-security professionals. 

Although the hacker no longer has access to the accounts, and the security vulnerabilities that he was able to exploit have since been patched, the damage has already been done. Now questions regarding the German information security agency’s handling of the data breach will need answering. How did the breach continue on a daily basis for an entire month unimpeded? Why did authorities dismiss the breach as an isolated incident when they first learned of the attacks in December? When exactly did German intelligence agencies realize the actual scale of the attack and why didn’t they immediately address the situation publicly, to reassure German citizens’ concerned about the security of their private data?

The breach had such an impact that it prompted several political leaders to take action. Robert Habeck, head of The Greens, deleted both his Twitter and Facebook accounts after being directly affected by the attack. German Interior Minister Horst Seehofer proclaimed to a group of reporters at a press conference that he would propose new data protection legislation this year in response to the breach.

Though the attack focused heavily on political targets, government officials announced that no government systems had been affected by the breach. Regardless, the largest data breach in German history serves as a sobering reminder that such an attack is alarmingly simple to orchestrate and that government officials and citizens alike need to be fully aware of the security risks and take steps to protect their online data.

One of the best ways for individuals to protect their sensitive personal data online is through the use of a virtual private network (VPN). The best VPNs on the market today will fully encrypt their users’ internet communications and can act as an essential online security tool to help protect users’ private data.

Written by: Attila Tomaschek

Attila is a Hungarian-American currently living in Budapest. Being in the VPN game for over 5 years, along with his acute understanding of the digital privacy space enables him to share his expertise with ProPrivacy readers. Attila has been featured as a privacy expert in press outlets such as Security Week, Silicon Angle, Fox News, Reader’s Digest, The Washington Examiner, Techopedia, Disruptor Daily, DZone, and more. He has also contributed bylines for several online publications like SC Magazine UK, Legal Reader, ITProPortal, BetaNews, and Verdict.

1 Comment

on January 11, 2019
Sophisticated cyberguru self-taught 20 years old kid, done it all by himself except learning not do hack from own home. Interesting.

Write Your Own Comment

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

  Your comment has been sent to the queue. It will appear shortly.

We recommend you check out one of these alternatives:

The fastest VPN we test, unblocks everything, with amazing service all round

A large brand offering great value at a cheap price

One of the largest VPNs, voted best VPN by Reddit

One of the cheapest VPNs out there, but an incredibly good service