A security organization has discovered that over 3.3 million servers around the world, including many in the US, Germany, and Poland, are running outdated email services without encryption enabled. The Shadowserver Foundation, a nonprofit security group, has been tracking these vulnerable servers and is warning users to take action.
POP3 (Post Office Protocol version 3) and IMAP (Internet Message Access Protocol) are older protocols that were once widely used for retrieving emails from mail servers. However, on their own they do not encrypt the connection, so they lack the security they have when TLS encryption is enabled.
The Shadowserver Foundation has found nearly 900,000 POP3/IMAP servers in the US and over 523,000 in Germany, with smaller numbers in Poland (381,800) and Japan (301,800). Users of these email services are at risk if their communications can be intercepted by anyone with basic network monitoring tools.
According to the Shadowserver Foundation, even without encryption, service exposure may enable password-guessing attacks against the server. The organization is notifying hosts running POP3/IMAP services without TLS enabled, urging users to take action to secure their accounts and protect their sensitive information.
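For administrators checking their own mail hosts, the sketch below classifies a cleartext POP3 or IMAP listener from the text of its capability reply (IMAP `CAPABILITY`, POP3 `CAPA`). It is an added example, not code from Shadowserver or the original article; the function names, the three result labels, the sample replies and the POP3 "USER not advertised" heuristic are assumptions made for illustration.

```python
"""Classify a cleartext POP3/IMAP listener from its capability reply."""

def imap_caps(reply):
    """Tokens from an IMAP '* CAPABILITY ...' line (RFC 3501)."""
    for line in reply.splitlines():
        parts = line.strip().upper().split()
        if parts[:2] == ["*", "CAPABILITY"]:
            return set(parts[2:])
    return set()

def pop3_caps(reply):
    """Capability tags from a POP3 CAPA multi-line reply (RFC 2449)."""
    caps = set()
    for line in reply.splitlines()[1:]:      # skip the '+OK' status line
        line = line.strip()
        if line == ".":                      # end of the multi-line reply
            break
        if line:
            caps.add(line.split()[0].upper())
    return caps

def classify(protocol, reply):
    """Return 'no-tls', 'tls-optional' or 'tls-required' (labels are ours)."""
    if protocol == "imap":
        caps = imap_caps(reply)
        upgrade = "STARTTLS" in caps
        # LOGINDISABLED: the server refuses LOGIN until TLS is active (RFC 2595).
        plaintext_blocked = "LOGINDISABLED" in caps
    elif protocol == "pop3":
        caps = pop3_caps(reply)
        upgrade = "STLS" in caps
        # Heuristic (assumption): USER/PASS not advertised before STLS.
        plaintext_blocked = upgrade and "USER" not in caps
    else:
        raise ValueError("protocol must be 'imap' or 'pop3'")
    if not upgrade:
        return "no-tls"          # credentials can only travel in plain text
    return "tls-required" if plaintext_blocked else "tls-optional"

# Constructed sample replies, not captured from any real server.
IMAP_NO_TLS = "* CAPABILITY IMAP4rev1 AUTH=PLAIN AUTH=LOGIN\r\na1 OK done\r\n"
IMAP_REQUIRED = "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED\r\na1 OK done\r\n"
POP3_OPTIONAL = "+OK\r\nTOP\r\nUIDL\r\nUSER\r\nSTLS\r\n.\r\n"

if __name__ == "__main__":
    for proto, reply in [("imap", IMAP_NO_TLS), ("imap", IMAP_REQUIRED),
                         ("pop3", POP3_OPTIONAL)]:
        print(proto, classify(proto, reply))
```

A `tls-optional` result still leaves clients free to send their password before upgrading, so it is worth treating as a finding alongside `no-tls`.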
Source: https://cybernews.com/security/millions-of-email-services-sending-passwords-in-plain-text