Government email platform moves to Zoho‑backed system after a massive breach. The government email platform upgrade aims to fortify defenses and prevent future hacks.
16 billion usernames and passwords from websites that we all use, including Apple, Google, Facebook, Telegram, and others, were made public by a global data leak.
India isn’t waiting for danger to strike, even though no significant official emails have been compromised (yet). The approach to email security is already changing.
The government switches to a new email system.
The Indian government is recommending that all departments move their email services to @mail.gov.in, a new platform, following the large worldwide data leak that was discovered in June.
In the past, the majority of government officials used emails that ended in @nic.in. However, they are now being requested to switch to the more recent system, which is driven by a platform created by Zoho, an IT company based in Chennai that was awarded the official contract for email services in late 2023.
No significant breach as of yet, but caution first
According to sources, the large dump has not revealed any compromised government email accounts. Officials, however, are not taking any chances. This change is a preventative measure to stop hackers and attacks in the future.
Concern is raised by a defence email phishing incident.
A phishing attempt was launched against a government email address connected to defence around the time of the disclosure. Recipients were advised not to click on the malicious link in the email or download any files.
Government sources verified that it was a distinct, isolated attack involving a single hacked account, despite initial speculation that it might be related to the broader leak.
What was among the 16 billion records that were leaked?
Usernames, passwords, tokens, session cookies, and other login-related information from well-known platforms such as:
Apple
Facebook, Telegram, and Google
GitHub
Numerous VPN services
Because of this data’s current circulation on the dark web, people everywhere are more susceptible to cyberattacks.
CERT-in’s universal safety advice
On June 23, CERT-In, India’s cybersecurity agency, warned the public and companies with an alert (ID: CIAD-2025-0024). They suggest the following:
- Change all passwords right away.
- Activate MFA, or multi-factor authentication.
- Use passkeys or other phishing-resistant login methods.
- Use security models with zero trust.
- Watch out for any unusual login behaviour.
- Protect any databases that are not configured correctly.
- In response to a significant worldwide data leak, the Indian government is transferring its email services to a new platform as a precaution.
