Centre asks employees to switch email after global data breach
What's the story
In light of the recent global data breach involving 16 billion login credentials, the Indian government has advised its employees to switch to a new email platform. The move comes after cybersecurity agency CERT-In issued an advisory in June about the exposure of login credentials from various online platforms. The government is now recommending a shift to the National Informatics Centre (NIC) email domain and platform, @mail.gov.in, according to Moneycontrol.
Changeover details
Migration to a new platform
Previously, government officials used the @nic.in domain for their official emails. However, in late 2023, Chennai-based IT company Zoho won a tender to manage the government's email services. "It is advised that departments migrate to the new Zoho platform," sources advised. The transition is part of a precautionary measure amid concerns over potential security risks from the massive data breach.
Security status
No reports of compromised government email IDs
Despite the massive data breach, there have been no reports of any compromised government email IDs. The advisory to switch platforms was given as a precautionary measure. Around the same time as this data breach, a defense-related government email ID was targeted in a phishing attack. However, senior government officials have ruled out any connection between this incident and the larger data leak.
Cybersecurity warning
Exposure of over 16 billion login credentials
In June, CERT-In had warned about the exposure of over 16 billion login credentials from major online platforms such as Apple, Facebook, Google, Telegram, GitHub, and several VPN services. The leaked data included usernames, passwords, authentication tokens, and session cookies, among other metadata. The agency had also recommended that individuals change their passwords immediately and enable multi-factor authentication (MFA) and phishing-resistant login methods such as passkeys wherever possible.
Security measures
CERT-In's recommendations to mitigate risks
CERT-In also advised organizations to implement zero-trust security models, monitor suspicious login activity, and secure misconfigured databases. The agency warned that the leaked data is now available on the dark web, raising the risk of cyberattacks from credential stuffing to business email compromise. These recommendations are part of a broader effort by Indian authorities to bolster cybersecurity in light of recent events.