“New Delhi — Following what experts describe as the largest data breach ever recorded, the Indian government has directed all ministries and departments to transition from the long-standing @nic.in email domain to the more secure @mail.gov.in platform.”
The World’s Largest Data Breach
In June 2025, the world witnessed the disclosure of the largest data breach in history, exposing an unprecedented 16 billion login records. The compromised data included email addresses, passwords, authentication tokens, and session cookies.
High-profile accounts linked to global tech leaders—Apple, Google, Facebook, Telegram, GitHub, X (formerly Twitter), and multiple VPN services—were among those affected.
Although there is no direct evidence suggesting that Indian government accounts were compromised, officials emphasized that the potential risk could not be dismissed. “When it comes to national security, even the perception of vulnerability is unacceptable,” a senior official stated.
Zoho Steps In
The shift follows Zoho’s success in securing a government contract in late 2023 to manage the nation’s email infrastructure. The Chennai-based IT firm is now overseeing a phased migration to the @mail.gov.in domain, which officials say provides enhanced resilience, stronger hosting control, and improved data protection.
Phishing Attack Raises Alarm
The urgency of the transition was heightened after a defense-related government email account was targeted in a phishing attempt shortly after the breach became public.
The malicious message contained a link designed to deploy malware if accessed.
Investigators confirmed the incident was isolated and did not result in the exposure of sensitive information.
Nevertheless, the episode amplified concerns within security circles, underscoring how even one compromised account can open the door to wider intrusions.
CERT-In’s Warning
In June, the Indian Computer Emergency Response Team (CERT-In) issued an advisory cautioning that the leaked credentials were already circulating on the dark web and could be exploited by threat actors.
The agency highlighted specific risks, including:
- Credential stuffing — using stolen passwords to gain unauthorized access to other accounts.
- Business email compromise — a costly fraud tactic targeting organizations.
- Ransomware attacks — aimed at disrupting government and corporate networks.
CERT-In urged institutions and individuals alike to take immediate precautions: change passwords, enable multi-factor authentication, and remain alert to suspicious links and communications.
Expert’s View: Professor Triveni Singh
Cybercrime expert and former IPS officer Professor Triveni Singh warned that the breach signals something far larger than a technical mishap:
“This is not just about stolen passwords — it is a global cyber warning. Hackers are no longer content with stealing data; they monetize it, weaponize it, and use it to undermine financial systems and even national security. In a country like India, where hundreds of millions depend on digital payments and e-governance, the risk is exponentially higher. The government has acted wisely and on time, but now citizens and institutions must treat cyber hygiene as a daily discipline.”
What It Means for Citizens
Experts warn that the consequences of this breach reach far beyond the walls of government offices. In a country where digital systems are woven into daily life, the risks are not abstract — they touch every citizen. India’s booming digital economy, built on the backbone of UPI payments, online banking, e-commerce, and e-governance services, could face serious disruption even from seemingly minor breaches.
Cybersecurity analysts stress that once login credentials are exposed, they can quickly become tools for fraud, identity theft, or financial scams. A single reused password might allow attackers to drain a bank account, hijack social media identities, or access sensitive government portals.
To guard against these risks, experts recommend a set of practical, everyday measures:
- Use unique passwords for every service to prevent a breach in one account from compromising others.
- Employ password managers to securely store and generate strong, random credentials.
- Adopt passkeys or biometric authentication where supported, as they offer far stronger protection than traditional passwords.
- Be cautious with emails and links, especially those that appear urgent or unexpected, since phishing remains one of the most effective attack methods.
- Review and update account security settings regularly, including enabling two-factor or multi-factor authentication.
A Broader Security Question
This incident has also forced a broader conversation: as India’s dependence on digital infrastructure accelerates, so too does its exposure to systemic vulnerabilities. What was once dismissed as mere IT housekeeping is now widely acknowledged as a pillar of national security.
The breach illustrates how cybersecurity failures are no longer confined to individual accounts or organizations; they carry the potential to disrupt economies, weaken institutions, and erode public trust. For nations like India, which have leapfrogged into the digital age with rapid adoption of mobile payments, online governance, and cloud-based services, the stakes are especially high.
Professor Triveni Singh summarized the gravity of the moment: “The breach is less about what was lost and more about what could yet be weaponized. Hackers are increasingly organized, global in reach, and financially motivated. The battle for cybersecurity is no longer theoretical. It is here, and it is global.”
In other words, the real challenge for India is not just cleaning up after breaches but building long-term resilience — embedding cybersecurity into every layer of governance, business, and daily life.
