New Email Warning For Millions—Passwords And Mail Content Exposed
A new security warning has been issued to alert millions of email hosts that their servers are exposing user passwords and message content in plain text to any hacker who takes the trouble to sniff the data out. The Shadowserver Foundation, a nonprofit security organization that works behind the scenes to help make the internet a more secure place for everyone, took to X to issue the alert and revealed it is sending warning notifications to impacted email hosts. Here’s what you need to know.
Millions Of Email Servers Are Exposing User Passwords
The Shadowserver Foundation alert posted to X on Dec. 31 warned that scans have confirmed millions of email services are operating without transport layer security enabled, which means that usernames and passwords are not being encrypted during transmission. The posting revealed that the foundation is seeing 3.3 million POP3 email hosts and a similar number of IMAP email hosts, although there is a large amount of overlap between the two.
Transport layer security is a cryptographic communication protocol that is designed to enable a more secure transfer of information across the internet; in particular, TLS helps prevent hackers from “sniffing” the network by encrypting users’ email credentials and message contents rather than sending them in clear text. Conversely, without TLS encryption, that information is there for anyone to sniff out.
“We have started notifying about hosts running POP3/IMAP services without TLS enabled,” the Shadowserver Foundation said, “meaning usernames/passwords are not encrypted when transmitted.” Vulnerability reports for both POP3 email servers and IMAP email hosts can be found on the Shadowserver Foundation site.
Mitigating The TLS-Disabled Email Password Exposure Threat
A Shadowserver Foundation spokesperson said that “regardless of whether TLS is enabled or not, service exposure may enable password-guessing attacks against the server.” All email users are advised to check with their email service provider that TLS is indeed enabled and the latest version of the protocol is being used. Users of Apple, Google, Microsoft and Mozilla email platforms need not worry as all enable TLS and make use of the latest versions.
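For mail administrators who want to check what their own POP3/IMAP service advertises on its plaintext port, the following is an added example, not Shadowserver's scanner or code from the original article. It classifies a server from its IMAP capability list or POP3 CAPA reply; the three labels, the function names, and the sample replies are assumptions constructed for illustration.

```python
# Constructed sample replies (not captured from real hosts).
SAMPLES = {
    "imap-a": ("imap", "* OK [CAPABILITY IMAP4rev1 AUTH=PLAIN] ready"),
    "imap-b": ("imap", "* OK [CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN] ready"),
    "imap-c": ("imap", "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED\r\na1 OK done"),
    "pop3-a": ("pop3", "+OK\r\nUSER\r\nUIDL\r\n."),
    "pop3-b": ("pop3", "+OK\r\nUIDL\r\nSTLS\r\n."),
}

def imap_caps(reply):
    """Capability tokens from an untagged IMAP greeting or CAPABILITY line."""
    caps = set()
    for line in reply.splitlines():
        upper = line.upper()
        if line.startswith("*") and "CAPABILITY" in upper:
            # Tokens follow the word CAPABILITY, up to a closing ']' if present.
            caps.update(upper.split("CAPABILITY", 1)[1].split("]", 1)[0].split())
    return caps

def pop3_caps(reply):
    """Map of capability name -> arguments from a multi-line POP3 CAPA reply."""
    lines = reply.splitlines()
    if not lines or not lines[0].startswith("+OK"):
        return {}  # -ERR: CAPA unsupported, so STLS cannot be advertised
    caps = {}
    for line in lines[1:]:
        if line == ".":
            break
        name, *args = line.upper().split() or [""]
        caps[name] = args
    return caps

def classify(protocol, reply):
    """Return 'plaintext-only', 'starttls-optional' or 'starttls-enforced'."""
    if protocol == "imap":
        caps = imap_caps(reply)
        starttls = "STARTTLS" in caps
        # LOGINDISABLED means LOGIN is refused until STARTTLS has completed.
        cleartext = "LOGINDISABLED" not in caps
    else:
        caps = pop3_caps(reply)
        starttls = "STLS" in caps
        # Heuristic (assumption): USER or SASL PLAIN/LOGIN offered before STLS
        # means cleartext authentication is still accepted.
        cleartext = "USER" in caps or bool({"PLAIN", "LOGIN"} & set(caps.get("SASL", [])))
    if not starttls:
        return "plaintext-only"
    return "starttls-optional" if cleartext else "starttls-enforced"

def report():
    return {name: classify(proto, reply) for name, (proto, reply) in SAMPLES.items()}
```

A "starttls-optional" result still permits cleartext logins from clients that skip the upgrade, so "starttls-enforced" (or serving only the implicit-TLS ports) is the state to aim for.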