nsa cyberattack wannacry ransomware

Important lessons from the first NSA-powered ransomware cyberattack

May 15th, 2017 in Security

Last Friday, a weaponized version of a NSA exploit was used to infect over three hundred thousand computers in over 150 countries with the WannaCry ransomware. In addition to government ministries and transportation infrastructure, the British National Health Service (NHS) was crippled, disrupting treatment and care for thousands of patients, and putting countless lives at …

How to Prevent Phishing Attacks

May 10th, 2017 in Security

A typical way of getting hacked is falling for a phishing attack. In fact, most of the large data breaches in recent years have been due to phishing.   The number of phishing attacks is increasing because they are both easy to execute and highly effective. Even if the eventual goal of an attacker is an …

best vpn service

How to pick the best VPN service

March 7th, 2017 in Security

As the world’s largest encrypted email provider, people have frequently asked us what is the best VPN service. In this article, we discuss what to be aware of when choosing a VPN service, and our recommended VPN security requirements. What is a VPN? A Virtual Private Network (VPN) is a tool to secure your internet …

ProtonMail Security Advisory Regarding Yahoo Hack

September 23rd, 2016 in Security

Confirming what was long suspected by the security community, Yahoo today confirmed a massive breach of over 500 million email accounts, including both credentials and security questions. This is a major security incident that also has consequences for certain ProtonMail users so we are putting out this important security advisory. At the time of writing, …

Our Encrypted Email Service is Safe Against Linux TCP Vulnerability

August 12th, 2016 in Security

ProtonMail is not vulnerable to the recently announced Linux TCP Vulnerability Earlier this week, a rather serious Linux TCP Vulnerability was disclosed (CVE-2016-5696) by security researchers in the US. As a result, ProtonMail’s security team did an analysis of this bug to see if it compromises the integrity of ProtonMail’s encrypted email service. Our analysis …

Improve your secure email service by joining our back-end code audit

May 30th, 2016 in Security

To ensure the security of ProtonMail’s secure email service, we are looking for more back-end security auditors. At ProtonMail, our internal security team has always worked closely with our user community to ensure the security of our secure email service. ProtonMail’s strong security is partially due to the dozens of security contributors who have audited …

SSL Certificate Update

January 19th, 2016 in Security

On January 20th, 2016, ProtonMail will be updating the SSL certificate for protonmail.com. With this update, we will also be changing our Certificate Authority to QuoVadis Trustlink Schweiz AG. Along with the change in SSL certificate, we will also be moving the ProtonMail secure email service to a dedicated subdomain, mail.protonmail.com. We have also released …

2016 Email Security Roadmap

January 1st, 2016 in Security

For 2016, we are looking forward to another year of progress towards building easy-to-use secure email. Today, we are publishing our first security roadmap. Over the course of 2015, we have taken several big steps towards making ProtonMail the easiest to use secure email service. Some highlights of 2015 include the release of ProtonMail 2.0, …

Secure Email DDoS Protection

Guide to DDoS protection

December 15th, 2015 in Security

Last month, secure email came under DDoS attack, this is how we added DDoS protection to ProtonMail.   Dec 16, 2015 Update: After we publicly posted the data at the end of this post, the attackers swiftly retaliated with a 59 Gbps attack. We were able to successfully mitigate with help from Radware. We knew …

ProtonMail Bug Bounty Proram

ProtonMail Bug Bounty Program

August 12th, 2015 in Security

UPDATE Feb 2nd, 2016: We have made a number of updates to our bug bounty program. The updated program is below: At ProtonMail, our goal is to build the world’s most secure email service. In order to do this, community participation in securing ProtonMail is essential, and that is the spirit behind our bug bounty …

Summary of HSTS Support in Modern Browsers

May 28th, 2015 in Security

This a guest blog post by Mazin Ahmed, an external security expert who has helped test and audit ProtonMail. We hope it will educate our readers about web security. HTTP Strict Transport Security (HSTS) is a web security policy that is made to protect secure HTTPS websites against downgrade attacks that is used to perform …

ProtonMail Upgrades SSL Certificates

February 13th, 2015 in Security

Last week, we underwent the process of fortifying our SSL certificates. As part of our effort to provide the highest level of security and privacy to our users, we have upgraded every single certificate that we use. The new SSL certificates have several marked improvements over the previous ones. All certificates now use the highest …

Get your secure email account
Create Account

Proton Technologies AG

Chemin du Pré-Fleuri, 3
CH-1228 Plan-les-Ouates, Genève, Switzerland

For support inquiries, please visit
protonmail.com/support

For security related discussions
security@protonmail.ch