Its a potential national security threat: Proton study finds over 3,500 US legislators official emails leaked and exposed on the dark web
Date:
Fri, 10 Apr 2026 16:20:00 +0000
Description:
The emails and plaintext passwords of thousands of government representatives have been found online.
FULL STORY
The official email accounts of public officials all over the
world have been leaked online, with many exposed alongside their plaintext passwords, making it trivial for an attacker to breach their accounts.
Researchers at Proton scoured the darker side of the internet for the
publicly available email addresses of government officials - and discovered thousands of exposed credentials. In fact, of the 5,312 US state legislator emails searched, 3,568 were discovered in a breach. The truly scary part is that 750 email addresses also had their passwords compromised.
Which countries had the most compromised credentials? In the US, Massachusetts was found to be the state with the most exposed credentials with 816 email addresses, or 84% of its officials, being exposed in data breaches. The state with the most exposed passwords was New Hampshire, with the credentials of 81 officials found on the dark web. In the states of Arizona and Oklahoma, the email of every single legislator appeared in the breach datasets at least
once.
Its not all bad news for the US though, as only 67% of state legislators had their emails exposed. The top spot goes to the UK, which saw 68% of its House of Commons official email addresses leaked online. That means that of the 650 members of parliament in the UK, 443 of their emails were found in a data breach. Even more concerning is that 284 passwords were exposed, with 216 of them being leaked in plaintext.
Proton also analyzed the exposed official emails of US political staffers,
and found that 20% had their official emails leaked in a data breach, with 1,848 of the 16,543 staffers credentials being fully exposed - password and all.
Spains parliament suffered the fewest leaks, with just 39 of the country's
615 official politicians' email addresses exposed online, and of that, just 9 had their passwords exposed in plaintext.
What are the risks of leaked emails and credentials? For a start, if an official email and password combination is leaked online, an attacker could quickly access the email accounts if it isnt secured using multi-factor authentication (MFA). The contents of politicians' email accounts are often full of highly sensitive and confidential information that could cause reputational and physical damage if leaked online, or could be used to blackmail politicians.
Moreover, the compromise of a single email account could snowball into a national catastrophe as an attacker could pose as an official and distribute phishing emails, further compromising the accounts of other representatives.
If passwords are reused across multiple accounts associated with the same
email addresses, an attacker could access official government systems, tools, and software.
Using a dedicated password manager with either a built-in or third-party authenticator app is the best way to protect credentials online. Many governments have already mandated the use of two-factor or multi-factor authentication for official accounts, meaning that even if credentials are exposed online the attacker would need physical access to a secondary device
or biometric identifier in order to access the account.
Link to news story:
https://www.techradar.com/pro/security/its-a-potential-national-security-threa t-proton-study-finds-over-3-500-us-legislators-official-emails-leaked-and-expo sed-on-the-dark-web
$$
--- SBBSecho 3.28-Linux
* Origin: Capitol City Online (1:2320/107)