- Thousands of official government email addresses exposed online
- Credentials, including plaintext passwords, are available on the dark web
- The UK has the highest percentage of diplomas on display
The official email accounts of civil servants around the world have been leaked online, with many exposed alongside their plaintext passwords, making it trivial for an attacker to hack their accounts.
Proton researchers scoured the darker side of the Internet for the publicly accessible email addresses of government officials and discovered thousands of exposed credentials.
In fact, of the 5,312 US state legislator emails searched, 3,568 were found to be in violation. What’s really scary is that the passwords of 750 email addresses were also compromised.
Article continues below
Which countries had the most compromised credentials?
In the United States, Massachusetts was found to be the most credential-exposed state, with 816 email addresses, or 84% of its public employees, exposed to data breaches. The state with the most exposed passwords was New Hampshire, with the credentials of 81 officials found on the dark web. In the states of Arizona and Oklahoma, each legislator’s email appeared at least once in the violation data sets.
This isn’t bad news for the United States, however, as only 67% of state legislators had their emails exposed. First place goes to the United Kingdom, which saw 68% of its official House of Commons email addresses leaked online. This means that out of 650 UK MPs, 443 of their emails were discovered in a data breach. Even more worrying, 284 passwords were exposed, of which 216 were leaked in plain text.
Proton also analyzed exposed official emails of US political staffers and found that 20% had their official emails leaked following a data breach, with 1,848 of 16,543 staff credentials fully exposed – password and all.
Spain’s parliament suffered the fewest leaks, with only 39 of the country’s 615 official politicians’ email addresses exposed online, and of those, only 9 had their passwords exposed in the clear.
What are the risks of email and credential leaks?
For starters, if an official email and password combination is leaked online, an attacker could quickly gain access to email accounts if they are not secured using multi-factor authentication (MFA). The contents of politicians’ email accounts are often full of highly sensitive and confidential information that could damage their reputation and physical integrity if leaked online, or could be used to blackmail politicians.
Additionally, the compromise of a single email account could turn into a national disaster, as an attacker could pose as a government official and distribute phishing emails, further compromising the accounts of other officials.
If passwords are reused across multiple accounts associated with the same email addresses, an attacker could gain access to official government systems, tools and software.
Using a dedicated password manager with a built-in or third-party authenticator app is the best way to protect online credentials. Many governments have already mandated the use of two- or multi-factor authentication for official accounts, meaning that even if the credentials are exposed online, the attacker would need physical access to a secondary device or biometric identifier to gain access to the account.
The best password manager for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
