Millions of email users at risk as hackers could steal passwords

A study has found that more than 3 million email servers are not protecting your passwords, leaving them vulnerable to hacker attacks, writes Tom's Guide. We've picked the main ones.

What happened

New research published by the Shadowserver Foundation has shown that more than 3 million servers that use the POP3 and IMAP protocols do not have TLS encryption enabled.

TLS (Transport Layer Security) technology is used to encrypt data transmitted between servers and users' email. This means that data such as passwords and messages are transmitted unprotected and can be intercepted by hackers.

The largest number of such servers is located in the United States — almost 900,000, as well as in Germany and Poland — 560,000 and 380,000 respectively. The lack of protection is vulnerable for both private users and companies that use mail servers. In addition, the lack of encryption can allow attacks on servers in which attackers try to guess passwords, which makes the system even more vulnerable.

How to protect data

The Shadowserver Foundation urges all users to check their mail servers for TLS encryption and recommends contacting their service providers to ensure the security of their accounts.

Today, companies such as Apple, Google, Microsoft, and Mozilla already use TLS to protect their services. Thus, users can not worry that their data is at risk.