Hacker Says They Compromised ProtonMail; ProtonMail Calls BS (bleepingcomputer.com) 55
A hacker going by the name AmFearLiathMor is claiming to have hacked ProtonMail and stolen "significant" amounts of data. They have posted a ransom demand to an anonymous Pastebin but it reads like a prank, as it states that the alleged hackers have access to underwater drone activity and treaty violations in Antarctica. Lawrence Abrams writes via BleepingComputer: According to the message, a hacker going by the name AmFearLiathMor makes quite a few interesting claims such as hacking ProtonMail's services and stealing user's email, that ProtonMail is sending their user's decrypted data to American servers, and that ProtonMail is abusing the lack of Subresource Integrity (SRI) use to purposely and maliciously steal their user's passwords. After reading the Pastebin message (archive.is link), which is shown in its entirety below minus some alleged keys, and seeing the amount of claims, the first thing that came to mind was a corporate version of the sextortion scams that have been running rampant lately. As I kept reading it, though, it just felt like a joke. ProtonMail posted on Twitter that this is a hoax and that there is no evidence that anything states is true. The encrypted email service provided a statement to BleepingComputer: "We believe this extortion attempt is a hoax, and we have seen zero evidence to suggest otherwise. Not a single claim made is true and many of the claims are unsound from a technical standpoint. We are aware of a small number of ProtonMail accounts that have been compromised as a result of those individual users falling for phishing attempts. However, there is zero evidence of a breach of our infrastructure."
Most people are stupid (Score:2)
Criminals are generally stupid as well but can still profit if their victims are of comparable or higher stupidity. Of course, the Protonmail-Team might not be quite the right target for that...
Re: (Score:2)
I see I triggered you again. What a pathetic life you must have...
I also _know_ you are not apk....
Re:Most people are stupid (Score:5, Interesting)
This doesn't seem to be an attack on ProtonMail directly, but an attempt to reduce their userbase. Even a skilled rational user will spend a bit of time researching these claims, while the paranoid but dumb crowd are going to jump ship to some snake oil "secure" providers.
Re: (Score:2)
Good point. From that perspective it makes sense.
Irish? (Score:4, Informative)
The hacker's name is "The Great Wolf" in Irish.
(In case anyone was interested...)
Re: Irish? (Score:2)
Scots Gaelic Vs. Irish Gaelic. ðY
It's more likely the Scots version, yes. But the Irish translation is still correct.
Re: (Score:1)
A wolf is a mac tíre in Irish.
An = the, fear = man, Liath = Grey, Mor = big.
Re: Irish? (Score:2)
Yes, they are the words. The phrase, however, doesn't translate as the individual words. It's an idiom.
Re: (Score:2)
As the AC above me pointed out the name [wikipedia.org] comes from Scottish folklore.
Not sure where you get your translation [focloir.ie] from.
Damn mods should probably do a little fact checking before they rate 'stuff they read on the internet' as informative...
Re: (Score:2)
Yep, that seems to be how it works these days.
Re: (Score:1)
Worked for the Orange Guy.
Isn't Proton Mail encrypted locally? (Score:1)
It's not possible to compromise ProtonMail because it's encrypted locally on your computer. ProntonMail themselves can't even access it.
Well, it's suppose to be anyway. I suppose there could be a backdoor or something hidden that does allow access to the decrypted data. It's nearly impossible to audit Proton mail's Javascript.