This is significant news. India has disclosed that 16 billion login credentials were posted online. In response to the breach of security on official government email, they intend to migrate all accounts to a new email domain.
All Ministries and Departments will migrate to the new email domain: @mail.gov.in away from their current email domain - @nic.in.
If I were to take charge, I would:
Keeping your accounts and online engagement safe in today’s world is so much more critical than anything before. Don’t wait to implement changing your passwords and don’t delay yourselves from becoming aware of your activity.
What was leaked?
In June of 2025, cybersecurity experts discovered an enormous breach:- 16 billion login credentials were posted online.
- This included usernames, email addresses, passwords, and login tokens.
- The breach originated from all major platforms, such as Google, Apple, Facebook, Telegram, GitHub, X (Twitter), and some VPNs.
What does this mean?
A new email domain: @mail.gov.inAll Ministries and Departments will migrate to the new email domain: @mail.gov.in away from their current email domain - @nic.in.
- Emails will be more secure.
- It gives the government improved security oversight.
- The transition will be led by a vendor called Zoho.
Reasons for the change
- A phishing attempt was made against a defense email which made it high priority.
- CERT India reported leaked passwords could again be used to access government email without us knowing.
- Old email platforms are less secure than newer email systems justifying new email systems.
Here’s what you should do
CERT In recommends everyone:- Change your passwords ASAP
- Implement multi-factor-authentication (MFA)
- Be vigilant of suspicious emails
- Re-use passwords that have been leaked online (credential stuffing)
- Deceive individuals using fake emails
- Deploy ransomware or breach systems
In my opinion
I think it is smart to switch to a new email domain. A leak that involves this many individuals and accounts is nothing to ignore. Mentioning you had no concerns about your account at the time doesn’t mean that you won’t be impacted in the future. Old passwords or previous phishing attacks could very well have ongoing affects.If I were to take charge, I would:
- Transition over to new emails as quickly as possible
- Employ strong, well-unique passwords
- Implement MFA everywhere
- Be cautious of links in emails
Takeaways
India, following a leak that compromised 16 billion records, transitioned many governmental email accounts from one domain (@nic.in) to another (@mail.gov.in) with the objective of improving protection of user accounts and allowing the authorities to establish certain controls. CERT In recommends that everyone institutes account safety procedures as a matter of right-now attention.Keeping your accounts and online engagement safe in today’s world is so much more critical than anything before. Don’t wait to implement changing your passwords and don’t delay yourselves from becoming aware of your activity.
