- Thousands of official government email addresses have been exposed online
- Credentials including plain text passwords are available on the dark web
- The UK has the highest percentage of exposed credentials
Official email accounts of government officials around the world have been leaked online, with many revealed along with their plain text passwords, making it trivial for an attacker to breach their accounts.
Researchers at Proton scoured the dark side of the Internet for the publicly available email addresses of government officials — and discovered thousands of exposed credentials.
In fact, 3,568 of the 5,312 emails from US lawmakers that were searched were discovered in a breach. The really scary part is that 750 email addresses also had their passwords compromised.
Which countries had the most compromised credentials?
In the US, Massachusetts was found to be the state with the most compromised credentials, with 816 email addresses, or 84% of its government officials, exposed in the data breach. The state with the most exposed passwords was New Hampshire, with the credentials of 81 officials found on the dark web. In the states of Arizona and Oklahoma, every legislator's email address appeared in the breach datasets at least once.
It’s not all bad news for the US though, as only 67% of state legislators had their emails disclosed. First place goes to the UK, which saw 68% of its House of Commons official email addresses leaked online. This means that of the 650 Members of Parliament in the UK, 443 of their emails were found in a data breach. Even more worryingly, 284 passwords were exposed, of which 216 were leaked in clear text.
Proton also analyzed the exposed official emails of US political staff and found that 20% had their official emails leaked in a data breach, with 1,848 of the 16,543 staffers' credentials completely exposed, password and all.
Spain’s parliament suffered the fewest leaks, with only 39 of the country’s 615 politicians’ official email addresses exposed online, and of those, only 9 had their passwords revealed in plain text.
What are the risks of leaked emails and credentials?
For starters, if an official email and password combination is leaked online, a hacker can quickly gain access to the email account if it is not secured with multi-factor authentication (MFA). Politicians’ email accounts are often filled with highly sensitive and confidential information that could cause reputational damage and physical harm if leaked online, or could be used to blackmail politicians.
Furthermore, the compromise of a single email account could snowball into a national disaster, as an attacker could impersonate an official and distribute phishing emails, further compromising the accounts of other representatives.
If passwords are reused across multiple accounts associated with the same email addresses, a hacker can gain access to official government systems, tools and software.
Using a dedicated password manager with either a native or third-party authentication app is the best way to protect credentials online. Many governments have already mandated the use of two- or multi-factor authentication for official accounts, meaning that even if credentials are exposed online, the attacker would need physical access to a secondary device or biometric identifier to gain access to the account.




