Once again alleged leaks from 🇵🇱 gov officials allegedly using private mailboxes for work. Assuming leaks are genuine, who did it doesn't really matter - the root cause is negligence of public officials and they are the only to blame 🤷 And they are to blame for both using private email for work, and for using it without sufficiently strong authentication.
https://oko.press/wyciek-rzadowych-danych-szerszy-niz-wiedzielismy-jest-kolejny-kanal/
Public gov.pl announcement kind of confirms the leaks were legitimate - and includes rather ridiculous statement about "helping the victims with securing their email" - as a reminder, these officials likely violated Polish law and gov operational procedures.
Presenting them as "victims" is just about as accurate as with someone knowingly driving on a public road in a car with no brakes 🤷
And it's not new - infosec community has been talking about it for years.
