Thousands of government officials worldwide have had their official email addresses and plaintext passwords exposed on the dark web, creating significant security vulnerabilities for national and local governments.

Key Points

• Researchers at Proton discovered thousands of leaked government email credentials, including plaintext passwords, circulating on the dark web.
• The UK’s House of Commons recorded the highest exposure rate, with 68% of official email addresses appearing in data breaches.
• In the United States, 67% of state legislators had their emails exposed, with Arizona and Oklahoma reporting a 100% exposure rate among their representatives.
• Massachusetts saw the highest volume of exposed credentials in the U.S., while New Hampshire had the most compromised passwords for state officials.
• Spain’s parliament reported the lowest number of leaks, with only 39 out of 615 official email addresses appearing in breach datasets.

Why it Matters

These widespread credential leaks expose sensitive government communications to potential blackmail, phishing attacks, and unauthorized access to critical infrastructure. The findings highlight an urgent need for governments to mandate multi-factor authentication to prevent attackers from exploiting reused passwords and compromised accounts.