The end of 2018 has been marked with possibly the largest data leak in German history.

Documents belonging to or mentioning politicians, journalists, and celebrities were published in December but caught mass attention only last Thursday. We break down the Germany data breach and update this article as the story unfolds.

What kind of data has leaked in the Germany data breach and what it was about

Germany data breach included personal information such as phone numbers, addresses, credit card details. It also included internal documents of political parties, along with private chats. According to government spokeswoman Martina Fietz, some of the documents might be fake. Her words were backed by one of the victims, MP Florian Post, who said that at least one leaked message was not written by him.

Chancellor Angela Merkel was among the victims of the Germany data breach, with some letters from her and to her that included revealed email addresses and a fax number. No sensitive information seems to have been leaked.

Apparently, all political parties were impacted by the Germany data breach, save for the far-right Alternative for Germany (AfD). Because not a single politician from the aforementioned party has been compromised, some speculate the data has been leaked by far-right supporters. This is backed by Spiegel’s report that the Twitter account where the documents were posted was following a far-right website Others note that such volume of data can only come from several different sources.

One of the politicians most affected by the Germany data breach was Robert Habeck, the leader of the German Green party. He had his chats with the members of his family publicized. Others who were hit hard by the data breach had their ID photos, bank account info, and family pictures exposed.

Why and how did the largest data leak in German history start

It all began on 1 December 2018 on Twitter. An account named “0rbit” started sharing links to the documents each day. First came the journalists and celebrities of Germany, apparently to garner more attention.

On 4 January 2018, the account of 0rbit has already been shut down. It had more than 18,000 followers and named its location as Hamburg, the second biggest city in Germany. It was still unclear if the Germany data breach was a hacker attack or an inside job. Germany’s federal office for information security informed that no government networks were targeted. The interior ministry proposed a version that all data might have been collected after obtaining login details to emails, cloud services, and social networks.

Chances are that the Germany data breach started way back in 2015 when the German parliament had been hacked. Back then, a piece of spyware has been installed, forcing the shut down of the parliamentary intranet. The blame was put on Russian hackers, but Putin’s government denied all accusations. Nevertheless, some security experts link these attacks to a Russian hacker group named APT28 that has links with Russia’s government agencies and is said to have been responsible for the attack preceding the 2016 US elections.

It’s still not known what the motive behind this Germany data breach was and how come nobody noticed it for over a week with the account having thousands of followers. But Germany’s intelligence has already asked the US for help in investigating this historical data breach.

On Sunday, a raid by the German police in Heilbronn entered a teenager’s house and confiscated his computer equipment. As for this Monday, it’s known that after questioning, the teenager named “Jan S” confirmed that he knew the person associated with the Twitter name “0rbit” but denied being the main figure in this case.

Jan S has known 0rbit for years and the latter has sent an email just before the publication of all data where he claims to plan to destroy his computer afterward. The two have been using an encrypted messaging service for communication but after the attack 0rbit has deleted his account.

Read more about such cybersecurity threats.