‘It’s a potential national security threat’: Proton study finds over 3,500 US legislators’ official emails leaked and exposed on the dark web
Politicians the world over are having their official email addresses exposed
- Thousands of official government email addresses are exposed online
- Credentials including plaintext passwords are available on the dark web
- The UK has the highest percentage of exposed credentials
The official email accounts of public officials all over the world have been leaked online, with many exposed alongside their plaintext passwords, making it trivial for an attacker to breach their accounts.
Researchers at Proton scoured the darker side of the internet for the publicly available email addresses of government officials - and discovered thousands of exposed credentials.
In fact, of the 5,312 US state legislator emails searched, 3,568 were discovered in a breach. The truly scary part is that 750 email addresses also had their passwords compromised.
Which countries had the most compromised credentials?
In the US, Massachusetts was found to be the state with the most exposed credentials with 816 email addresses, or 84% of its officials, being exposed in data breaches. The state with the most exposed passwords was New Hampshire, with the credentials of 81 officials found on the dark web. In the states of Arizona and Oklahoma, the email of every single legislator appeared in the breach datasets at least once.
It’s not all bad news for the US though, as only 67% of state legislators had their emails exposed. The top spot goes to the UK, which saw 68% of its House of Commons official email addresses leaked online. That means that of the 650 members of parliament in the UK, 443 of their emails were found in a data breach. Even more concerning is that 284 passwords were exposed, with 216 of them being leaked in plaintext.
Proton also analyzed the exposed official emails of US political staffers, and found that 20% had their official emails leaked in a data breach, with 1,848 of the 16,543 staffers' credentials being fully exposed - password and all.
Spain’s parliament suffered the fewest leaks, with just 39 of the country's 615 official politicians' email addresses exposed online, and of those, just 9 had their passwords exposed in plaintext.
What are the risks of leaked emails and credentials?
For a start, if an official email and password combination is leaked online, an attacker could quickly access the email account if it isn’t secured using multi-factor authentication (MFA). The contents of politicians' email accounts are often full of highly sensitive and confidential information that could cause reputational and physical damage if leaked online, or could be used to blackmail politicians.
Moreover, the compromise of a single email account could snowball into a national catastrophe as an attacker could pose as an official and distribute phishing emails, further compromising the accounts of other representatives.
If passwords are reused across multiple accounts associated with the same email addresses, an attacker could access official government systems, tools, and software.
Using a dedicated password manager with either a built-in or third-party authenticator app is the best way to protect credentials online. Many governments have already mandated the use of two-factor or multi-factor authentication for official accounts, meaning that even if credentials are exposed online the attacker would need physical access to a secondary device or biometric identifier in order to access the account.


Benedict is a Senior Security Writer at TechRadar Pro, where he has specialized in covering the intersection of geopolitics, cyber-warfare, and business security.
Benedict provides detailed analysis on state-sponsored threat actors, APT groups, and the protection of critical national infrastructure, with his reporting bridging the gap between technical threat intelligence and B2B security strategy.
Benedict holds an MA (Distinction) in Security, Intelligence, and Diplomacy from the University of Buckingham Centre for Security and Intelligence Studies (BUCSIS), with his specialization providing him with a robust academic framework for deconstructing complex international conflicts and intelligence operations, and the ability to translate intricate security data into actionable insights.