
Hackers claim to have compromised ProtonMail, but ProtonMail calls it ‘a hoax and failed extortion attempt’.

Last week, hackers attempted to extort ProtonMail by alleging a data breach with no evidence. One of the alleged hackers, named AmFearLiathMor, wrote in the message, “We hacked Protonmail and have a significant amount of their data from the past few months. We are offering it back to Protonmail for a small fee if they decline then we will publish or sell user data to the world.”

ProtonMail is one of the largest secure email services developed by CERN and MIT. The team at ProtonMail clarified, “We have no indications of any breach from our internal infrastructure monitoring.”

On further investigation, however, the team traced the source of the rumors to 4chan, a simple image-based bulletin board where anyone can post comments and share images anonymously. The claims there included:

  • CNN employees use ProtonMail and refer to the American people as prostitutes.
  • Michael Avenatti uses ProtonMail and has a BDSM fetish.
  • Private military contractors used ProtonMail to discuss circumventing the Geneva Convention, underwater drone activities in the Pacific Ocean, and possible international treaty violations in Antarctica.
  • Rampant pedophilia among high-ranking government officials who use ProtonMail.

ProtonMail’s team said, “We believe that this is a hoax and failed extortion attempt, and there is zero evidence to suggest otherwise.” For example, the criminals claimed that ProtonMail is vulnerable because the company doesn’t use SRI (Subresource Integrity), but this claim is baseless because ProtonMail doesn’t use any third-party CDNs (content delivery networks) to serve the web app. It only uses web servers, specifically to eliminate this potential attack vector.

The team said, “We are aware of a small number of ProtonMail accounts which have been compromised as a result of those individual users falling for phishing attacks (this is why we encourage using 2FA). However, we currently have zero evidence of a breach of our infrastructure.”

According to a report by BleepingComputer, the hackers might send $20 in bitcoin to anyone who spreads the word about this hack using #Protonmail on Twitter.

Reactions to this news have been mixed. Many people are simply scared, do not wish to take any risks, and suggest changing the password.

 

The team said, “The best way to ensure that they (criminals) do not succeed is to ignore them.”

Because many users consider this platform secure, the alleged hacking news, though probably false, has still had some impact on them. The company's latest announcement of the Read recipients feature could be a small distraction, but is it enough to draw attention away from the hacking news?

Read more about this news on Reddit.


*** This is a Security Bloggers Network syndicated blog from Security News – Packt Hub authored by Amrata Joshi. Read the original post at: https://hub.packtpub.com/hackers-claim-to-have-compromised-protonmail-but-protonmail-calls-it-a-hoax-and-failed-extortion-attempt/