Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security Encryption Privacy The Internet Technology

Hacker Says They Compromised ProtonMail; ProtonMail Calls BS (bleepingcomputer.com) 55

A hacker going by the name AmFearLiathMor is claiming to have hacked ProtonMail and stolen "significant" amounts of data. They have posted a ransom demand to an anonymous Pastebin but it reads like a prank, as it states that the alleged hackers have access to underwater drone activity and treaty violations in Antarctica. Lawrence Abrams writes via BleepingComputer: According to the message, a hacker going by the name AmFearLiathMor makes quite a few interesting claims such as hacking ProtonMail's services and stealing user's email, that ProtonMail is sending their user's decrypted data to American servers, and that ProtonMail is abusing the lack of Subresource Integrity (SRI) use to purposely and maliciously steal their user's passwords. After reading the Pastebin message (archive.is link), which is shown in its entirety below minus some alleged keys, and seeing the amount of claims, the first thing that came to mind was a corporate version of the sextortion scams that have been running rampant lately. As I kept reading it, though, it just felt like a joke. ProtonMail posted on Twitter that this is a hoax and that there is no evidence that anything states is true. The encrypted email service provided a statement to BleepingComputer: "We believe this extortion attempt is a hoax, and we have seen zero evidence to suggest otherwise. Not a single claim made is true and many of the claims are unsound from a technical standpoint. We are aware of a small number of ProtonMail accounts that have been compromised as a result of those individual users falling for phishing attempts. However, there is zero evidence of a breach of our infrastructure."
This discussion has been archived. No new comments can be posted.

Hacker Says They Compromised ProtonMail; ProtonMail Calls BS

Comments Filter:
  • Criminals are generally stupid as well but can still profit if their victims are of comparable or higher stupidity. Of course, the Protonmail-Team might not be quite the right target for that...

  • Irish? (Score:4, Informative)

    by Tomahawk ( 1343 ) on Saturday November 17, 2018 @02:31PM (#57661348) Homepage

    The hacker's name is "The Great Wolf" in Irish.
    (In case anyone was interested...)

    • by Whibla ( 210729 )

      As the AC above me pointed out the name [wikipedia.org] comes from Scottish folklore.

      Not sure where you get your translation [focloir.ie] from.

      Damn mods should probably do a little fact checking before they rate 'stuff they read on the internet' as informative...

  • by Anonymous Coward

    It's not possible to compromise ProtonMail because it's encrypted locally on your computer. ProntonMail themselves can't even access it.

    Well, it's suppose to be anyway. I suppose there could be a backdoor or something hidden that does allow access to the decrypted data. It's nearly impossible to audit Proton mail's Javascript.

Put your Nose to the Grindstone! -- Amalgamated Plastic Surgeons and Toolmakers, Ltd.

Working...