Researchers at Proton have uncovered thousands of official government email addresses exposed online, including plaintext passwords that leave accounts vulnerable to attacks.
US State Legislators Heavily Impacted
Analysis of 5,312 US state legislator emails revealed 3,568 exposed in data breaches, representing 67% of those searched. Among these, 750 accounts had passwords compromised.
Massachusetts leads with 816 exposed emails, affecting 84% of its officials. New Hampshire saw 81 officials’ passwords leaked. In Arizona and Oklahoma, every legislator’s email appeared in breach datasets at least once.
Global Exposure Highlights
The UK House of Commons experienced the highest exposure rate, with 68% of its 650 members’ emails—443 in total—found in breaches. Of these, 284 passwords leaked, including 216 in plaintext.
US political staffers faced similar risks, with 20% of 16,543 official emails exposed, and 1,848 fully compromised with passwords.
Spain’s parliament fared best, with only 39 of 615 politicians’ emails leaked and 9 passwords in plaintext.
Risks of Exposed Credentials
Leaked email-password pairs enable attackers to access accounts lacking multi-factor authentication (MFA). These inboxes often contain sensitive information that could lead to blackmail, reputational harm, or physical threats.
A single breach can escalate: attackers impersonate officials to send phishing emails, compromising networks. Reused passwords across systems heighten risks to government tools and infrastructure.
Protection Measures
Password managers paired with authenticator apps offer strong defense. Many governments now require MFA, blocking access even with stolen credentials unless attackers obtain secondary factors like biometrics.
