Email credentials of at least 3,000 government officials have reportedly been compromised. The passwords of these government email ids are available in plain text across multiple databases on the dark web

The 3,000 government email ids with the ‘gov.in' extension belongs to 20 entities, reported The Quint.

The ‘gov.in' IDs are provided only to government officials under ministries, departments, statutory bodies and autonomous bodies of central and state/Union Territories.

Some of these include Indian Space Research Organisation (ISRO), Ministry of External Affairs (MEA), Ministry of Corporate Affairs (MCA), Bhabha Atomic Research Centre (BARC), Atomic Energy Regulatory Board (AERB), and Securities and Exchanges Board of India (SEBI). 
A bar graph showing the ten bodies worst affected by breach of email IDs

Senior officials, too, have had their email ids compromised, said Sai Krishna Kothapalli, alumni of IIT Guwahati and founder of Hackrew, a cyber security startup that found the breach.

Former and current ambassadors, serving and retired scientists in ISRO and senior bureaucrats across state governments and autonomous bodies are among the several officials said to have compromised their email IDs.


Moneycontrol could not verify the claims made by The Quint or Kothapalli.

Currently, it is unknown if any information from the compromised IDs was accessible to anyone. However, this breach does raise some serious concerns. The most significant concern being accessible data from compromised email ids of scientists and other senior government officials working on important programmes.

The breach, if there is one, also highlights the lack of basic security measures taken by officials to protect sensitive data on the web.