The messages targeted politicians, advisers and journalists. Some of them struggled to remember ever having met the sender. The texts had accurate personal information and soon got flirtatious. Some came with an explicit image.
For several days, mystery surrounded the unsolicited WhatsApp messages that gripped British politics. The news media reported that two legislators had replied by texting back images of themselves.
On Friday, a prominent Conservative lawmaker, William Wragg, owned up to his unwitting role in what is being called the “honey trap” scandal, admitting that he had given the phone numbers of fellow members of Parliament to someone he had met on Grindr, a gay dating app.
Mr. Wragg handed over the information, he told The Times of London, because he was scared that the man “had compromising things on me.” Mr. Wragg apologized and acknowledged that his “weakness has caused other people hurt.”
About a dozen individuals are thought to have received the messages, initially reported by Politico, which were sent by someone identified as “Charlie” or “Abi” to men (some gay, some straight), including one government minister.
The furor has raised questions both about the behavior of British lawmakers and their safety online. One British police department has started an investigation, and the speaker of the House of Commons, Lindsay Hoyle, has written to legislators warning them about their cybersecurity.
Some experts worry that the messages may be part of a spear-phishing operation — designed to elicit compromising information — by a hostile foreign power such as China or Russia.
“Is it plausible that it is a state-backed operation? Yes, it is plausible that is the case,” said Martin Innes, a professor of security, crime and intelligence at Cardiff University. “We don’t know, though.”
Professor Innes said that it was possible that the motive could be financial blackmail, but that if a foreign state was behind the messages, China and Russia would be the “prime suspects” because the attempt seemed to have taken place over several months and was relatively sophisticated. “It requires a certain level of resourcing to sustain it that way.”
In Britain there is growing concern about the malign activities of foreign governments, and last month, the deputy prime minister, Oliver Dowden, announced sanctions against two Chinese individuals and one company, which he said had targeted Britain’s elections watchdog and lawmakers.
Mr. Wragg, 36, who chairs a parliamentary select committee, struck a penitent tone in his comments, saying he was mortified at the consequences of his actions and acknowledging that he had caused damage to others.
“They had compromising things on me,” he told the Times of London. “They wouldn’t leave me alone.” He added that he had handed over some, but not all of the numbers requested, and conceded, “He’s manipulated me, and now I’ve hurt other people.”
But Mr. Wragg was little help in resolving the central question hanging over the saga: Who sent the messages?
The lawmaker told The Times of London that he had never met the person to whom he sent pictures of himself and the phone numbers of others. “I got chatting to a guy on an app and we exchanged pictures,” he said. “We were meant to meet up for drinks, but then didn’t,” he added. “Then he started asking for numbers of people.”
He said the man had given him a WhatsApp number, which “doesn’t work now.”
His spokesman did not immediately respond to an email seeking comment.
Mr. Wragg, who is also vice chairman of the Conservative Party’s influential 1922 Committee of backbenchers, is not running in the general election expected later this year. In 2022, he announced he was taking a short break from Parliament after suffering from anxiety and depression — something he said he had lived with for most of his adult life.
On Friday, Jeremy Hunt, the chancellor of the Exchequer, told reporters that the unsolicited messages were a “great cause for concern,” but praised Mr. Wragg for having “given a courageous and fulsome apology.”
Mr. Hunt said that the unsolicited messages were a “lesson” to lawmakers and to the wider public to be careful about cybersecurity. “This is something we are all having to face in our daily lives,” he added.
The tone of Mr. Hunt’s comments suggested that the Conservative Party, led by Prime Minister Rishi Sunak, was unlikely to take stern disciplinary action against Mr. Wragg for breaching confidentiality and disclosing his colleagues’ information.
Britain’s Tories, who are behind the opposition Labour Party in the opinion polls, have little interest in forcing Mr. Wragg out of Parliament now and running a contest to replace him in Hazel Grove, the district he represents.
In his letter to lawmakers, issued on Thursday, Mr. Hoyle said he was aware of reports of the unsolicited WhatsApp messages, adding that he was keen to encourage any colleagues who received such texts to come forward to the parliamentary security team and share the details and any concerns about their security.
The British Parliament has no oversight over how lawmakers or staff use WhatsApp on personal digital devices, but says that it does offer an advisory service to maximize cybersecurity.
In a statement, the police in Leicestershire, in the east Midlands, said they were “investigating a report of malicious communications after a number of unsolicited messages.” They were sent to a lawmaker in Leicestershire last month and were reported to the police on March 19.
Professor Innes said that although there was no evidence of state-backed involvement in the texting episode, the messages illustrated the need for vigilance.
“Across Europe and the European Union you can see lots of different things happening, lots of ways in which attempts have been made to subvert election processes,” he said. “We do need guards up at this point because it’s a really big year, and there are multiple vulnerabilities available that can be exploited by people that are so minded.”