Continuous DDoS is an attack on our right to privacy.

Tutanota keeps being attacked - now we must fight for our right to privacy.

2020-09-07
Tutanota is still being under DDoS by unknown adversaries. We are constantly mitigating the attacks. These attacks have been ongoing since middle of August, and while we have immensely improved our DDoS mitigation system since then, we have to keep fighting the attacks to make sure no one can stop you from using encrypted emails. We deeply thank all our users for bearing with us during this difficult time. Now is the time to support us and our fight for privacy to show the attackers that they will not be successful!
SIGN UP

Fight for privacy with us

Tutanota has now been under recurring DDoS attacks for almost one month. To this day, we have not received any notice from the attackers - no one has come forward or tried to blackmail us. Due to the level of sophistication of the ongoing attacks and changing attack vectors, we also constantly adapt to their attacks.

As they are not asking for any compensation, the only goal the attackers can have is to harm Tutanota and to stop people around the world to use encrypted emails. This is direct attack on our freedom and our right to privacy. Now is the time to support Tutanota and to fight with us for our right to privacy!

Please support our fight by upgrading your Tutanota account or by donating.

Mitigation improvement

While the attacks are ongoing, we are working hard to mitigate the constantly changing attacks. To achieve this, we have implemented improvements directly in Tutanota, which have made it already much harder for attackers and stopped several attack vectors. We are also working closely with our DDoS mitigation service to improve ours and their system.

While we have not yet achieved to stop any and all attacks, successful attacks have become much fewer in number and much shorter in time. Nevertheless, we apologize for any inconvenience caused by these outages and keep working hard on improving the system further.

Together with your help, we are confident that no attacker - no matter how powerful - will be able to harm Tutanota. When we stand together, we will be much stronger than any attacker. Thank you very much for your support.

Here we also want to answer the most frequent questions put to us via social media and email:

Is my data secure?

Yes, all data in Tutanota is securely encrypted and can't be accessed by anyone - not even by us.

What happened to my emails during the DDoS?

Emails received during the DDoS attacks were queued and delivered later. No emails were lost.

Did someone hack Tutanota?

No, the DDoS attack resulted in such a high volume of traffic to our servers that these were unavailable for several hours for our users. However, the attackers never hacked the Tutanota servers or gained access to any data stored on our servers. No data was breached.

Do I need to change my password?

No, changing the password is not necessary. Tutanota stores hashes of passwords. It is impossible to derive the actual password from this hash. Thus, no one can know your password, not even we at Tutanota. To protect your password, we use bcrypt and SHA256.

Why is there no status page for Tutanota's availability?

We have long wanted to publish a status page. However, as a privacy-first email service, we cannot use Google services to host a status page (like most services do). Hosting a status page ourselves would be the easiest, but this does not make any sense as the status page would be affected by a DDoS attack as well. We are preparing a status page right now and hope that it will go live in a couple of days.

Offline availability

We have already planned to add offline availability to Tutanota. We have now changed the priority of this feature to meet user demands. We understand that you need to access your mailbox at any time, and we are working hard to meet this demand.

Big thanks to the community

Finally, we want to thank the entire Tutanota community for bearing with us during this hard time. The ongoing DDoS caused our core team some sleepless nights, but we keep fighting the attacks. Combined with your support, we will come out of this even stronger than before!

Even if someone does not want you to use secure and private email, we will keep fighting for your right to privacy.

Thank you very much for your support.

SIGN UP
Author
Black and white picture of Matthias thinking and looking to the right side.
Matthias is co-founder and developer of Tuta, focusing on backend development, architecture and email processing. He writes code and political comments to fight for our human right to privacy. He wants to create an encrypted cloud collaboration platform which is so easy to use and so secure that it locks out all the spies. We all deserve a better internet - one where privacy is the default.
Top posts
Threat Modeling In 2024: Your Guide For Better Security
10 Best Private Email Services in 2024
Google Pays 1150 Times More for Its Search Monopoly Than for Lobbying in the EU & US
Why Use A Password Manager - And Our Top 3!
Anonymous email: Create an email address without a phone number.
The Illusion Of "Swiss Privacy" Being The Best
10 best free email accounts in 2024
Latest posts
Apple is finally giving you the choice: Take it and install a private browser right now!
The Russian Hacker Group Sandworm is Back: New Kapeka Malware Secretly Infecting Systems Since 2022
Google Search Is A Problem: How Google Is Crushing Tuta.
20 years ago Gmail revolutionized email. It’s time for a new revolution!
Terminate subscription
Company
Community
Team
Jobs
Terms
Privacy
Legal notice
Development
Changelog
Roadmap
Security
Encryption
Open Source
GitHub
Features
Secure Email
Encrypted Calendar
Business
Support
Forum
Press
Support
Language
English
Translate