A hacker using the moniker AmFearLiathMor has claimed to have hacked the prominent end-to-end encrypted email service ProtonMail, baffling the cyber community. Though the identity of the hacker is still not very clear, it has been speculated that huge amounts of significant data from the company.
As per reports, a ransom demand (archive.is link) was posted on Pastebin in which the hacker claimed to have successfully compromised a user’s email on the ProtonMail service. The hacker indicated that the hack was a reaction to ProtonMail's alleged transfer of data to American servers. To support the claim, the hacker further stated that ProtonMail hasn’t configured the mandatory Subresource Integrity (SRI), which allowed data tampering and collection.
The hacker wrote, “We hacked Protonmail and have a significant amount of their data from the past few months. We are offering it back to Protonmail for a small fee; if they decline then we will publish or sell user data to the world.”
“While Protonmail’s open-source code can be freely audited on Github, they haven’t configured the mandatory SRI feature (https://www.w3.org/TR/SRI/). This leaves users without any guarantee about their source code integrity, thus allowing tampering and data collection at any time. This will be totally transparent and unnoticed, because without enabling SRI all the users should inspect the website run time code and its connections manually in the same moment they’re being tampered with by Protonmail to discover it.”
“Incidentally during this period we noticed that Protonmail sends decrypted user data to American servers frequently. This may be due to the Swiss MLAT treaty requiring Swiss companies reveal all their data to the Americans. However it also might be possible they are sending this decrypted user data to the American firm that owns them. This was simply a surprising thing to note but did not significantly influence our operation.”
ProtonMail has completely denied the claim, issuing a response on social media as follows:
ProtonMail further said that “This extortion attempt is a hoax and we have seen zero evidence to suggest otherwise.”
ProtonMail did accept that it had taken note of a limited number of accounts that have been compromised, likely through credential stuffing or phishing attacks, but denied any breach of its systems.
The company's released statement reads: “As many of you may be aware, earlier today, criminals attempted to extort ProtonMail by alleging a data breach, with zero evidence. An internal investigation turned up two messages from the criminals involved, which again repeated the allegations with zero evidence, and demanded payment. We have no indications of any breach from our internal infrastructure monitoring.”
“Like any good conspiracy theory, it is impossible to disprove a breach. On the other hand, a breach can be easily proven by providing evidence. The lack of evidence strongly suggests there is no breach, and this is a simple case of online extortion.”
The validity of the hack is still to be established. The hackers are nevertheless confidently claiming that they were able to breach the accounts of Michael Avenatti and CNN employees, and are now also offering $20 USD in bitcoin for spreading information about the alleged hack using the #Protonmail hashtag on Twitter.
Judging by the chain of statements released by the hackers, it can at least be inferred that the weird mix of political information and hacking propaganda against ProtonMail has a lot more to do with hampering the credibility of the company than with an extortion effort.
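For readers who want to see what the SRI feature named in the ransom note actually checks, the following added example (not code from the article or from ProtonMail) audits a page for subresources that lack an `integrity` attribute and verifies the ones that have it. The page markup, resource bodies and all function names are constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser

ALGOS = ("sha512", "sha384", "sha256")  # SRI hash algorithms, strongest first

def sri_digest(body, algo="sha384"):
    """Build an integrity value: '<algo>-<base64 of the raw digest>'."""
    return f"{algo}-" + base64.b64encode(hashlib.new(algo, body).digest()).decode()

def sri_matches(integrity, body):
    """Check body against the strongest algorithm listed, as browsers do."""
    entries = [e.split("?")[0] for e in integrity.split()]  # drop ?options
    for algo in ALGOS:
        tokens = [e for e in entries if e.startswith(algo + "-")]
        if tokens:
            return sri_digest(body, algo) in tokens
    return False  # no recognised hash: nothing was verified

class SRIAudit(HTMLParser):
    """Collect (url, integrity) for each <script src> and stylesheet <link>."""
    def __init__(self):
        super().__init__()
        self.found = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        is_css = tag == "link" and "stylesheet" in (a.get("rel") or "").lower().split()
        url = a.get("src") if tag == "script" else a.get("href") if is_css else None
        if url:
            self.found.append((url, a.get("integrity")))

def audit(html, fetched):
    """Label each subresource 'missing', 'ok' or 'mismatch'."""
    parser = SRIAudit()
    parser.feed(html)
    return {url: ("missing" if not integrity else
                  "ok" if sri_matches(integrity, fetched[url]) else "mismatch")
            for url, integrity in parser.found}

# Constructed sample page and response bodies (not ProtonMail's real markup).
APP_JS = b"console.log('mail client');\n"
PAGE = f"""<html><head>
<link rel="stylesheet" href="/app.css">
<script src="/app.js" integrity="{sri_digest(APP_JS)}" crossorigin="anonymous"></script>
<script src="/vendor.js" integrity="{sri_digest(b'original vendor code')}"></script>
</head></html>"""
FETCHED = {"/app.css": b"body{}", "/app.js": APP_JS, "/vendor.js": b"tampered vendor code"}

print(audit(PAGE, FETCHED))
```

SRI only covers the subresources a page references; the HTML document that carries the `integrity` attributes is itself delivered by the site and is not covered by them.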