New Email Warning For Millions—Passwords And Mail Content Exposed – Forbes
Millions of email users are exposing their passwords to hackers.A new security warning has been issued to alert millions of email hosts that their servers are exposing user passwords and message content in plain text to any hacker who takes the trouble to sniff the data out. The ShadowServer Foundation, a nonprofit security organization that works behind the scenes to help make the internet a more secure place for everyone, took to X to issue the alert and revealed it is sending warning notifications to impacted email hosts. Here’s what you need to know.The Shadowserver Foundation alert posted to X on Dec. 31 warned that scans have confirmed millions of email services are operating without transport layer security enabled, which meant that usernames and passwords were not being encrypted during transmission. The posting revealed that the foundation is seeing 3.3 million POP3 email hosts and a similar number of IMAP email hosts, although there is a large amount of overlap between the two.Transport layer security is a cryptographic communication protocol that is designed to enable a more secure transfer of information across the internet; in particular, TLS helps prevent hackers from “sniffing” the network by encrypting users’ email credentials and message contents rather than sending them in clear text. The obverse side of the communications coin is that without TLS encryption, that information is there for anyone to sniff out.“We have started notifying about hosts running POP3/IMAP services without TLS enabled,” the Shadowserver Foundation said, “meaning usernames/passwords are not encrypted when transmitted.” Vulnerability reports for both POP3 email servers and IMAP email hosts can be found on the Shadowserver Foundation site.A Shadowserver Foundation spokesperson said that “regardless of whether TLS is enabled or not, service exposure may enable password-guessing attacks against the server.” All email users are advised to check with their email service provider that TLS is indeed enabled and the latest version of the protocol is being used. Users of Apple, Google, Microsoft and Mozilla email platforms need not worry as all enable TLS and make use of the latest versions.One Community. Many Voices. Create a free account to share your thoughts. Our community is about connecting people through open and thoughtful conversations. We want our readers to share their views and exchange ideas and facts in a safe space.In order to do so, please follow the posting rules in our site’s Terms of Service. We’ve summarized some of those key rules below. Simply put, keep it civil.Your post will be rejected if we notice that it seems to contain:User accounts will be blocked if we notice or believe that users are engaged in:So, how can you be a power user?Thanks for reading our community guidelines. Please read the full list of posting rules found in our site’s Terms of Service.
