The Ministry of Electronics and Information Technology said that recent credential leaks from Domino's, BigBasket and Air India didn't impact the email system used by government employees. At least one of those breaches — BigBasket's — reportedly includes password data, raising concerns that among the millions of password hashes leaked some government employees' credentials might leave their official email accounts vulnerable. The government said in a statement Sunday that this concern wasn't valid: In view of this it is important to clarify that firstly, there has been no cyber breach into the email system of the Government of India maintained by the National Informatics Centre (NIC). The email system is totally safe and secure. Secondly, cyber security breach on external portals may not impact the users of Government Email Service, unless the Government users have registered on these portals using their Government Email Address and have used the same password as the one used in the Government Email Account. — MEITY Statement Password reuse is very common, so even MEITY's denial appears to concede that some email accounts that use the same password across services might be impacted. However, the Ministry added that government email accounts are required to change their passwords every three months, which might reduce the risk substantially; it is unclear, though, if the 90-day password change is a requirement or if it is simply a persistent notification that users can choose to ignore. In the latter case, the risk may well be more elevated. The National…
