
Protonmail hacked; servers intentionally misconfigured -- Or not?

security
hacking

#1

I just received this link:


#2

Holy shit. Time to migrate just in case.


#3

Have you read this?


#4

As many of you may be aware, earlier today, criminals attempted to extort ProtonMail by alleging a data breach, with zero evidence. An internal investigation turned up two messages from the criminals involved, which again repeated the allegations with zero evidence, and demanded payment. We have no indications of any breach from our internal infrastructure monitoring.

Like any good conspiracy theory, it is impossible to disprove a breach. On the other hand, a breach can be easily proven by providing evidence. The lack of evidence strongly suggests there is no breach, and this is a simple case of online extortion.

Thus, we believe that this is a hoax and failed extortion attempt, and there is zero evidence to suggest otherwise. None of the claims made are true, and many of the claims are also unsound from a technical standpoint.

For instance, the criminals claim that ProtonMail is vulnerable because we do not use SRI (Subresource Integrity), but this claim is nonsense because ProtonMail doesn’t use any third party CDNs (content delivery networks) to serve our web app. We only use web servers that we operate and control ourselves, specifically to eliminate this potential attack vector.

We are aware of a small number of ProtonMail accounts which have been compromised as a result of those individual users falling for phishing attacks (this is why we encourage using 2FA). However, we currently have zero evidence of a breach of our infrastructure.

Our present policy is to always resist extortion attempts, and we never make payments in response to third party claims and allegations, unless they fall under the scope and criteria of our bug bounty program, where we always welcome the submission of vulnerabilities.

Upon further investigation, we were able to trace the source of the rumors back to 4chan where they were originally posted by the criminals in question. The claims there include increasingly ridiculous assertions such as:

  • CNN employees use ProtonMail and refer to the American people as prostitutes

  • Michael Avenatti uses ProtonMail and has a BDSM fetish

  • Private military contractors used ProtonMail to discuss circumventing the Geneva convention, underwater drone activities in the Pacific Ocean, and possible international treaty violations in Antarctica

  • Rampant pedophilia among high ranking government officials who use ProtonMail

In other words, the allegations appear designed to fuel certain right wing conspiracy theories in order to gain more attention. We don’t like to use the term, but this is starting to look very similar to “fake news.”

Due to our refusal to give in to the extortion attempt, the criminals involved are now attempting to spread the allegations publicly to harm ProtonMail. The best way to ensure that they do not succeed is to ignore them. Thank you again for your support.


#5

Watch as they don’t get paid and… publish nothing of significance.


#6

Am I the only one getting this: “SSL_ERROR_NO_CYPHER_OVERLAP”


#7

Thanks for the links @BGL and @Eden


#8

For what?


#9

when I click OP's link :thinking:
might be my setup, wait a sec


#10

I love this bit from that pastebin

Historically it seems Protonmail makes unkind statements toward upstanding organizations like my own.

(emphasis mine)

Yeah… your “organisation” who allegedly hacked protonmail and then tried to extort them for money, and when that failed, publicly tried to damage them and attempt again to extort them for money.

Pretty sure there’s some law breaking there.

“upstanding” :smile: it reads like a teenager wrote it.


#11

What version of firefox are you using?


#12

I hope it’s just a prank or trolling. But I’m ready to nuke it if it’s not. Waiting for 23rd, I guess.


#13

Yeah, best course of action would be to wait. Since I haven’t been using my protonmail pw anywhere else the greatest concern is alleviated.


#14

I don’t use the same password on two places either. But I still don’t like the idea of anyone having access to my e-mail account.


#15

63.0.3 on my current machine, using Windows 10 right now. Edge (shudder) shows a very unhelpful message regarding TLS.

Maybe AntiVirus shenanigans …

Edit: Thanks for your help Eden I will take a look tomorrow, don’t want to derail the thread.


#16

That’s true ofc, and I wouldn’t like it either. Still, if for instance the protonmail pw is the very same as the amazon pw, the repercussions can be worse.


#17

Haha, I had some fun reading this. Some of the claims are beyond ridiculous.

Thanks for the link.


#18

Have you set up MFA with Protonmail? If not, do so: even with the correct password you can’t log in without the second layer of authentication.


#19

Interesting read, thanks for posting. It is somewhat dragging ProtonMail into the spotlight now though. All it takes is for the powers-that-be to demand backdoors, access etc. because of the things mentioned at the end of the post. The whole point, at least initially when the CERN chaps set it up, was to provide an end to end service they didn’t have access to, no MITM to speak of.
Hosted in Switzerland, not sure how compelled they are to comply with any requests? At least they can say it is not possible.

What is this Four-Chan? :wink:


#20

They are compelled to follow the law of the country they are in like anyone else. They have posts I think going over what that entails. It’s perfectly reasonable.