CERT-In asks all departments to migrate to the updated @mail.gov.in platform

Following the global breach involving over 16 billion login credentials, the Indian government has issued an internal advisory urging all departments to migrate from the traditional @nic.in email domain to the updated @mail.gov.in platform. This shift comes amid heightened cybersecurity concerns and follows the June advisory by CERT-In warning of the leak of sensitive user data from leading tech platforms. The new email platform is being managed by Chennai-based tech company Zoho.

Zoho secured the government email services tender in late 2023. Sources have said that so far, there have been no confirmed breaches of government email IDs related to the leaked dataset. However, the advisory has been described as a preventive measure to mitigate potential risks.

Meanwhile, the Computer Emergency Response Team of India (CERT-In) issued advisory CIAD-2025-0024 on June 23. It alerted users to the exposure of credentials linked to platforms such as Apple, Google, Facebook, GitHub, Telegram, and several VPN services.

The advisory further noted that the leaked dataset contains usernames, passwords, authentication tokens, session cookies, and associated metadata, now reportedly circulating on the dark web.

The advisory recommends individuals to update their passwords, enable multi-factor authentication (MFA), and use phishing-resistant authentication methods like passkeys. For organisations, CERT-In urged the adoption of zero-trust architecture, enhanced monitoring of login activity, and rectifying misconfigured databases.