In a major cybersecurity precaution, the Indian government has advised all ministries and departments to migrate their official email communications from the long-standing @nic.in domain to a new @mail.gov.in platform hosted by the National Informatics Centre (NIC) and powered by Zoho. The move comes in response to a recent global data breach that exposed over 16 billion login credentials across 30 datasets—one of the largest leaks ever recorded.

Though there is no evidence of any Indian government email accounts being compromised, the advisory aims to pre-empt potential threats in the evolving landscape of digital warfare and cybercrime. The National Cyber Coordination Centre (NCCC), in consultation with the Indian Computer Emergency Response Team (CERT-In), has marked this migration as a proactive shift toward enhanced email security and infrastructure modernization.

According to security sources, the directive was issued following CERT-In’s alert on June 23, which confirmed that the leaked datasets include credentials from top global platforms such as Apple, Google, Facebook, Telegram, GitHub, and multiple VPN services. In addition to usernames and passwords, the leak also exposed authentication tokens, session cookies, and sensitive metadata, much of which is reportedly circulating on the dark web.

Officials familiar with the matter told 420.in that the timing of the move coincides with an unrelated phishing attempt targeting a defence-linked government email. While no breach occurred, the incident served as a red flag highlighting the urgency of strengthening cyber hygiene protocols.

The new @mail.gov.in platform is said to be fortified with modern security layers, including multi-factor authentication (MFA), end-to-end encryption, and real-time threat detection systems. The migration will be rolled out in phases across departments, with clear directives to avoid any service disruption.

In parallel, CERT-In has released a public advisory urging all internet users—government employees and civilians alike—to reset passwords, enable MFA, and transition toward phishing-resistant login methods such as passkeys. The agency also emphasized zero-trust security models, urging organizations to monitor for suspicious access behaviour and misconfigured databases.

Cybersecurity experts have confirmed that the leaked credentials are not rehashed from older breaches, but rather sourced from infostealer malware and exposed storage systems. The datasets, some of which contain hundreds of millions of fresh records, pose serious risks for phishing attacks, credential stuffing, and business email compromise (BEC).