Hackers claim to have compromised ProtonMail, but ProtonMail calls it ‘a hoax and failed extortion attempt’.

Last week, hackers attempted to extort ProtonMail by alleging a data breach with no evidence. One of the alleged hackers named, AmFearLiathMor has written in the message that, “We hacked Protonmail and have a significant amount of their data from the past few months. We are offering it back to Protonmail for a small fee if they decline then we will publish or sell user data to the world.”

ProtonMail is one of the largest secure email services developed by CERN and MIT. The team at ProtonMail clarified, “We have no indications of any breach from our internal infrastructure monitoring.”

Though, with further investigation, the team traced the source of the rumors on 4chan, a simple image-based bulletin board, where anyone can post comments and share images anonymously. The claims there included:

• CNN employees use ProtonMail and refer to the American people as prostitutes.
• Michael Avenatti uses ProtonMail and has a BDSM fetish.
• Private military contractors used ProtonMail to discuss circumventing the Geneva convention, underwater drone activities in the Pacific Ocean, and possible international treaty violations in Antarctica.
Unlock access to the largest independent learning library in Tech for FREE!
Get unlimited access to 7500+ expert-authored eBooks and video courses covering every tech area you can think of.
Renews at $19.99/month. Cancel anytime
START FREE TRIAL
• Rampant pedophilia among high ranking government officials who use ProtonMail.

ProtonMail's team said, “We believe that this is a hoax and failed extortion attempt, and there is zero evidence to suggest otherwise.”  For example, the criminals claimed that ProtonMail is vulnerable because the company doesn’t use SRI (Subresource Integrity), but this claim is baseless because it doesn't use any third party CDNs (content delivery networks) to serve the web app. ProtonMail only uses web servers that specifically eliminate the potential attack vector.

The team said, “We are aware of a small number of ProtonMail accounts which have been compromised as a result of those individual users falling for phishing attacks (this is why we encourage using 2FA). However, we currently have zero evidence of a breach of our infrastructure.”

As per the report by BleepingComputer, the hackers might send $20 in bitcoin to the one who would spread the word about this hack using #Protonmail on Twitter.

People have given a mixed reaction to this news. Many are just scared and do not wish to take any risks and suggest to change the password.

https://twitter.com/ProtonMail/status/1063392853014048768

 

https://twitter.com/crytorekt1/status/1063452592792051713

The team said, “The best way to ensure that they (criminals) do not succeed is to ignore them.”

As a lot of users find this platform secure, this alleged hacking news, which is probably false, has still managed to create some impact on the users. The latest announcement on the Read recipients feature by the company could be a small distraction but is it enough to move the attention from the hacking news?

https://twitter.com/ProtonMail/status/1063485043660734464

Read more about this news on Reddit.

A new data breach on Facebook due to malicious browser extensions allowed almost 81,000 users’ private data up for sale, reports BBC News

Cathay Pacific, a major Hong Kong based airlines, suffer data breach affecting 9.4 million passengers

Timehop suffers data breach; 21 million users’ data compromised