Thousands of government email addresses and passwords exposed online

As reported by Tech Radar, thousands of official government email addresses and their associated credentials, including plaintext passwords, have been discovered exposed online and on the dark web, posing a significant security risk.

Researchers from Proton identified a substantial number of compromised email accounts belonging to public officials globally. The investigation revealed that 3,568 out of 5,312 US state legislator emails searched were found in breaches, with 750 of those also having their passwords exposed. Massachusetts reported the highest percentage of exposed credentials at 84%, while New Hampshire had the most exposed passwords. Nationally, 67% of US state legislators had their emails exposed. The United Kingdom reported the highest overall exposure, with 443 out of 650 members of parliament having their official emails leaked, and 284 passwords exposed, 216 of which were in plaintext. US political staffers also saw 20% of their official emails leaked, with 1,848 credentials fully exposed. Spain had the fewest leaks, with only 39 politicians' emails exposed and 9 plaintext passwords.

The exposure of these credentials, particularly in plaintext, creates a severe vulnerability. Attackers can easily gain access to sensitive government communications if multi-factor authentication is not in place. This could lead to the compromise of confidential information, potential blackmail, and cascading attacks where compromised accounts are used to target others.

Source: Tech Radar