A new security warning has been issued to the operators of millions of email servers whose services expose user passwords and email content in plain text to anyone positioned to sniff the traffic. The Shadowserver Foundation, a non-profit security organization that works behind the scenes to make the internet a safer place for everyone, issued the alert via X (formerly Twitter) and revealed that it is sending warning notifications to the affected email hosts. Here’s what you need to know:
Millions of Email Servers Exposing User Passwords
On December 31st, the Shadowserver Foundation posted a warning on X, stating that its scans have confirmed millions of email services are operating without Transport Layer Security (TLS) enabled. On such a service, usernames and passwords are not encrypted in transit, and neither is the mail that is downloaded. The post revealed that the Foundation is monitoring about 3.3 million POP3 email hosts and roughly the same number of IMAP email hosts, although there is significant overlap between the two, since many servers run both protocols.
Transport Layer Security is the cryptographic protocol that secures traffic between a mail client and its server. For POP3 and IMAP it takes one of two forms: the client connects to a dedicated TLS port (995 for POP3, 993 for IMAP) and the whole session is encrypted from the first byte, or it connects to the plaintext port (110 or 143) and issues a STARTTLS (POP3 calls it STLS) command to upgrade the connection before logging in. Either way, TLS keeps credentials and message content from being read or altered by anyone between the two endpoints. Without it, the login and every downloaded message cross the network in plain text, readable by anyone on the path, whether on the same Wi-Fi network, at an ISP, or on a compromised router. TLS protects data only in transit; it says nothing about how the server stores mail or passwords once they arrive.
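The check a practitioner would run against a mail host follows, as an added example written for this article; it is not Shadowserver's scanner and the article names no tool. The parsers work on the capability responses the two protocols define (IMAP CAPABILITY per RFC 3501, POP3 CAPA per RFC 2449) and are exercised on constructed sample responses, so they run offline; the live probes use the standard library's imaplib and poplib, need network access, and the host name mail.example.com in the usage line is a placeholder.

```python
"""Check whether a POP3/IMAP server offers TLS and whether it still accepts
plaintext logins. Added example; not Shadowserver's scanner."""
import imaplib
import poplib
import ssl
import sys


def _tokens(text: str) -> list:
    # IMAP packs capabilities inside [...] in the greeting; strip the brackets
    return text.replace("[", " ").replace("]", " ").split()


def imap_offers_starttls(text: str) -> bool:
    """True if an IMAP greeting or CAPABILITY response advertises STARTTLS.
    Accepts both '* OK [CAPABILITY ... STARTTLS ...]' and '* CAPABILITY ... STARTTLS'."""
    return any(t.upper() == "STARTTLS" for t in _tokens(text))


def imap_plaintext_login_allowed(text: str) -> bool:
    """True if the server will take LOGIN before TLS, i.e. LOGINDISABLED is absent.
    A properly configured STARTTLS server advertises LOGINDISABLED until upgraded."""
    return not any(t.upper() == "LOGINDISABLED" for t in _tokens(text))


def pop3_offers_stls(capa_response: str) -> bool:
    """True if a POP3 CAPA response lists STLS (the POP3 name for STARTTLS)."""
    lines = capa_response.splitlines()
    if not lines or not lines[0].startswith("+OK"):
        return False  # CAPA rejected: old server, assume no TLS upgrade
    for line in lines[1:]:
        line = line.strip()
        if line == ".":  # end of the multi-line response
            break
        if line.upper() == "STLS":
            return True
    return False


def tls_context() -> ssl.SSLContext:
    """Client context that validates the certificate and refuses TLS below 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def probe_imap(host: str, timeout: float = 5.0) -> dict:
    """Live probe (needs network): implicit TLS on 993, then STARTTLS on 143."""
    result = {"host": host, "implicit_tls": False, "starttls": None, "plaintext_login": None}
    try:
        conn = imaplib.IMAP4_SSL(host, 993, ssl_context=tls_context(), timeout=timeout)
        result["implicit_tls"] = conn.sock.version()  # negotiated version, e.g. 'TLSv1.3'
        conn.logout()
    except (OSError, ssl.SSLError, imaplib.IMAP4.error):
        pass
    try:
        conn = imaplib.IMAP4(host, 143, timeout=timeout)
        caps = " ".join(conn.capabilities)  # parsed from the greeting/CAPABILITY
        result["starttls"] = imap_offers_starttls(caps)
        result["plaintext_login"] = imap_plaintext_login_allowed(caps)
        conn.logout()
    except (OSError, imaplib.IMAP4.error):
        pass
    return result


def probe_pop3(host: str, timeout: float = 5.0) -> dict:
    """Live probe (needs network): implicit TLS on 995, then STLS on 110."""
    result = {"host": host, "implicit_tls": False, "stls": None}
    try:
        conn = poplib.POP3_SSL(host, 995, timeout=timeout, context=tls_context())
        result["implicit_tls"] = conn.sock.version()
        conn.quit()
    except (OSError, ssl.SSLError, poplib.error_proto):
        pass
    try:
        conn = poplib.POP3(host, 110, timeout=timeout)
        result["stls"] = "STLS" in conn.capa()  # capa() returns {name: [args]}
        conn.quit()
    except (OSError, poplib.error_proto):
        pass
    return result


# Constructed sample responses (not captured from any real server).
SAMPLE_IMAP_SECURE = "* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED AUTH=PLAIN] ready"
SAMPLE_IMAP_PLAINTEXT = "* OK [CAPABILITY IMAP4rev1 AUTH=PLAIN] ready"
SAMPLE_POP3_SECURE = "+OK\r\nCAPA\r\nTOP\r\nUSER\r\nSTLS\r\n.\r\n"
SAMPLE_POP3_PLAINTEXT = "+OK\r\nCAPA\r\nTOP\r\nUSER\r\n.\r\n"

if __name__ == "__main__":
    if len(sys.argv) > 1:  # usage: python check_mail_tls.py mail.example.com
        print(probe_imap(sys.argv[1]))
        print(probe_pop3(sys.argv[1]))
    else:
        print("sample IMAP offers STARTTLS:", imap_offers_starttls(SAMPLE_IMAP_PLAINTEXT))
        print("sample POP3 offers STLS:", pop3_offers_stls(SAMPLE_POP3_PLAINTEXT))
```

A host that fails the 993/995 connection, offers no STARTTLS/STLS on 143/110, and still accepts LOGIN on the plaintext port is in the population Shadowserver is reporting. Note that a STARTTLS server without LOGINDISABLED is only half fixed: a client misconfigured for "no encryption" will still send its password in the clear, which is why the server side should refuse plaintext authentication outright.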
The Shadowserver Foundation stated, “We have started notifying hosts running POP3/IMAP services without TLS enabled,” adding, “This means that usernames and passwords are not encrypted when transmitted.” Vulnerability reports for both POP3 email servers and IMAP email hosts can be found on the Shadowserver Foundation’s site.
Mitigating the Risk of TLS-disabled Email Password Exposure
A spokesperson from Shadowserver Foundation said, “Whether TLS is enabled or not, service exposure can enable password-guessing attacks against servers.” In other words, enabling TLS closes the sniffing problem but not the exposure itself: a POP3 or IMAP port reachable from the whole internet can still be brute-forced, so rate limiting, strong passwords and, where possible, restricting who can reach the service remain necessary. All email users are advised to check with their email service provider that TLS is enabled and that a current version of the protocol is in use (TLS 1.2 at minimum, TLS 1.3 preferred), and to confirm that their own mail client is set to SSL/TLS or STARTTLS rather than “none” for the incoming server, since a client configured without encryption will send the password in the clear regardless of what the server supports.
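On the server side, the fix is to refuse plaintext logins rather than merely offer TLS as an option. The following is an added example assuming a Dovecot server (the article does not name any server software; the certificate and key paths are placeholders), showing the weak setting beside the corrected one:

```ini
# --- Weak: the configuration Shadowserver's scan would flag ---
# Plaintext POP3/IMAP on 110/143, no TLS ports, passwords accepted in the clear.
ssl = no
disable_plaintext_auth = no

# --- Corrected ---
# 'required' serves implicit TLS on 993/995 and forces STARTTLS before login
# on 143/110; plaintext authentication is refused on unencrypted connections.
ssl = required
ssl_cert = </etc/ssl/certs/mail.example.com.pem
ssl_key = </etc/ssl/private/mail.example.com.key
ssl_min_protocol = TLSv1.2
disable_plaintext_auth = yes
```

After reloading, an unencrypted `a1 LOGIN user pass` on port 143 should be rejected and the greeting should advertise both STARTTLS and LOGINDISABLED, which is the state the client-side check above looks for. Bear in mind the spokesperson's caveat: the ports are still exposed, so this stops eavesdropping but not password guessing.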
Users of email platforms from Apple, Google, Microsoft, and Mozilla are not affected by this particular finding, as all these services require TLS for POP3 and IMAP access and support the current version of the protocol; the advice to keep the mail client set to an encrypted connection still applies.