Bulgaria: Email Passwords of 2,439 Government Employees Exposed on the Dark Web
The Minister of e-Government, Alexander Yolovski, recently revealed that the passwords associated with 2,439 government employee email addresses have been leaked onto the dark web. This disclosure came in response to inquiries from the deputy of "We Continue the Change - Democratic Bulgaria," Bozhidar Bozhanov.
Verification conducted by the HaveIBeenPwned portal (HIBP), contracted by e-governance, revealed that 1,516 of the compromised email addresses belong to state administration domains. Additionally, 419 were linked to the government.bg domain, while 504 were associated with public free email platforms like mail.bg, abv.bg, and gmail.com, among others.
Minister Yolovski emphasized that the leaked password's origin—whether it pertains to the email itself or a registration on an external website—cannot be definitively determined. As a result, the compromised data is not classified as a cyber incident under existing laws.
Upon discovering a compromised password, government employees receive a notification from the National Computer Security Incident Response Team, providing details of the compromised password and a link to the HIBP portal for verification.
The Ministry of Electronic Government (MEG) has advised civil servants to change all passwords used and cautioned against using official email addresses for non-official website registrations.
The breach unfolded as a file containing 6 million records of Bulgarian domains, including 552 state administration addresses, 152 inactive domains, 3,775 student accounts for distance learning, and 8 municipal administration addresses, surfaced online.
- Log in to post comments