Since 1 December, one or more hackers have been publishing data and documents from hundreds of German politicians in a Twitter advent calendar – a massive assault on the government that wasn’t discovered until Thursday night.

Apparently, nobody noticed until the hacker hijacked the Twitter account of German YouTube star Simon Unge.

On Friday, Berlin public broadcaster RBB Inforadio was the first to report on the hack.

RBB reported that it’s not yet known who the culprit(s) are. But there are theories: A YouTuber named Tomasz Niemiec told news outlet T-online.de that a guy who’s out to gain attention is behind the attacks.

Niemiec said that he knew the hacker strictly through online communications and that the man has been active for years, collecting data and hacking YouTube accounts.

Niemiec says he talked to the hacker on Friday in an effort to get him to surrender Unge’s hijacked account: a highly valuable one with two million YouTube followers. According to what Niemiec told T-online.de, the hacker has hinted that he hijacked Unge’s account by exploiting a supposed bug in two-factor authentication – a purported bug that he doesn’t intend to publish, Niemiec said.

Interior Minister Horst Seehofer told reporters that an initial analysis suggests that the stolen material was obtained from cloud services, email accounts or social networks.

It’s a motley collection that, at least upon initial review, doesn’t seem to contain any highly sensitive political documents. The data sets contain party memos, mobile phone numbers, contact info, photo ID cards, letters, invoices, direct debit authorizations, invitations, chats between politicians’ family members, and credit card information from their family circles.

The targets included Chancellor Angela Merkel and President Frank-Walter Steinmeier. The hackers published Merkel’s fax number, email address and several letters written by and addressed to her, Deutsche Welle reported, citing the DPA news agency.

A government spokeswoman:

With regard to the Chancellery it seems that, judging by the initial review, no sensitive information and data have been published and this includes [from] the chancellor.

Within hours after the news having broken, Twitter shut down the account that for weeks had been leaking the data. The account, named G0d, claims to be based in Hamburg. Security researcher Luca Hammer, who works on identifying Twitter bots, said that two other Twitter accounts, @_0rbit and @_0rbiter, had also been used to spread the material, as well as the Google blog http://0rbiter.blogspot.com. They’ve all since been taken down.

According to Bloomberg, G0d described itself using the words “security researching,” “artist” and “satire & irony.” The account had previously published celebrities’ private data, according to NPR.

Besides politicians, artists and journalists with leftist leanings were also targeted. The first target, on 1 December, was the German television comedian Jan Böhmermann. It went on up from there to pull in members of Chancellor Angela Merkel’s center-right party and its Bavarian counterpart.