Movimento 5 Stelle

The Five Star Movement, also known as Movimento 5 Stelle or associated with its Rousseau platform, functions as an Italian political organization. Its core activities prominently involve operating the Rousseau online platform, which facilitates internal democratic processes and member engagement. This platform serves as a critical digital infrastructure for the movement, enabling functions such as collecting donations from supporters, hosting digital policy votes among members, managing candidate lists for elections, and conducting internal leadership ballots. The platform's operation is central to the group's internet-based governance model and its interactions with supporters and members across Italy.

The organization has faced significant cybersecurity challenges directly impacting its core operations. Two major breaches of the Rousseau platform have been documented. In August 2017, hackers compromised the platform, disrupting internal democratic processes like leadership voting through extended technical failures and alleged ballot manipulation. This attack exposed vulnerabilities in the platform's infrastructure, compromising member and donor data. Security experts criticized the system's outdated design and inadequate protections, noting its rudimentary nature created multiple opportunities for exploitation. A subsequent breach occurred in September 2018, where a hacker known as Rogue0 accessed the platform, exposing personal data including names, email addresses, and donation amounts of contributors. The attacker published partial donor information and indicated access to broader database contents related to candidate lists and training proposals, suggesting a compromise of current operational records. This incident raised serious concerns about unresolved vulnerabilities despite previous regulatory fines and mandated security improvements following the 2017 attack. Italy's data protection authority investigated both breaches to determine if they stemmed from previously identified weaknesses. These repeated security failures undermined confidence in the platform's reliability, threatened operational credibility, hampered membership growth, and highlighted systemic weaknesses exacerbated by the managing consultancy's limited resources. The persistence of these vulnerabilities demonstrated significant shortcomings in the platform's security posture and its ability to safeguard sensitive member and donor information effectively.