- Thousands of official government email addresses exposed online
- Credentials including plaintext passwords are available on the dark web
- The UK has the highest percentage of exposed credentials
The official email accounts of public officials around the world have been leaked online, with many of them exposed along with their plaintext passwords, making it trivial for an attacker to breach their accounts.
Proton researchers explored the darker side of the Internet for publicly available email addresses of government officials and discovered thousands of exposed credentials.
In fact, of the 5,312 US state legislators' email addresses searched, 3,568 were found in data breaches. The really scary part is that 750 of those email addresses also had their passwords compromised.
Which countries had the most compromised credentials?
In the United States, Massachusetts was found to be the state with the most exposed credentials, with 816 email addresses, or 84% of its officials, exposed to data breaches. The state with the most exposed passwords was New Hampshire, with the credentials of 81 officials found on the dark web. In the states of Arizona and Oklahoma, every lawmaker’s email appeared in the breach data sets at least once.
However, it’s not all bad news for the United States, as only 67% of state legislators had their emails exposed. The top spot goes to the United Kingdom, where 68% of official House of Commons email addresses were leaked online. That means the email addresses of 443 of the 650 members of the UK parliament were found in a data breach. Even more worrying is that 284 passwords were exposed, of which 216 were leaked in plain text.
Proton also analyzed the exposed official emails of US political staff and found that 20% had their official emails leaked in a data breach, with 1,848 of the 16,543 staff credentials completely exposed, password and all.
Spain’s parliament suffered the fewest breaches, with only 39 of the 615 official email addresses of the country’s politicians exposed online, and of those, only 9 had their passwords exposed in plain text.
What are the risks of email and credential leaks?
For starters, if an official email and password combination is leaked online, an attacker could quickly access email accounts if they are not protected by multi-factor authentication (MFA). The contents of politicians’ email accounts are often filled with highly sensitive and confidential information that could cause physical and reputational damage if leaked online, or could be used to blackmail politicians.
Furthermore, the compromise of a single email account could turn into a national catastrophe, as an attacker could impersonate an official and distribute phishing emails, further compromising the accounts of other representatives.
If passwords are reused across multiple accounts associated with the same email addresses, an attacker could access official government systems, tools, and software.
Using a dedicated password manager with a built-in or third-party authenticator app is the best way to protect credentials online. Many governments have already mandated the use of two- or multi-factor authentication for official accounts, meaning that even if credentials are exposed online, the attacker would need physical access to a secondary device or biometric identifier to gain access to the account.





