After last week’s announcement of an even larger Yahoo breach impacting 1 billion users, signups of ProtonMail have doubled again to hit an all time high due to users looking for a Yahoo Mail replacement.
Update February 16th, 2017 – Yahoo just announced another major breach, which took place in 2015 and 2016. We had added more details about what you should do if you have a Yahoo account at the end of this blog post.
The large number of new users coming from Yahoo Mail is not very surprising given that ProtonMail’s core focus is email security and privacy. We first noticed the trend on social media when a large number of Tweets began appearing mentioning ProtonMail as a Yahoo Mail replacement. Starting on December 15th, the day the Yahoo breach was announced, ProtonMail’s growth rate effectively doubled as can be seen in the above chart.
We also saw ProtonMail signups jump dramatically last month after the US presidential election. The number of ProtonMail users is increasing, but the composition is also changing. After the Yahoo hack was announced, the German Federal Office for Information Security (BSI) also advised German citizens to stop using Yahoo Mail. German citizens looking for a Yahoo replacement are now a much bigger proportion of ProtonMail’s userbase, making up 8.5% of visitors, up from around 4% historically, surpassing both France and the UK.
Users coming from Yahoo will find at ProtonMail a very easy-to-use email experience, but underlying that is also an entirely different approach to security. As the Yahoo exodus continues, we have received more and more questions from Yahoo users in recent days, so in this post, we will try to answer the most common questions.
Why You Should Stop Using Yahoo Mail
This is the third major security incident to hit Yahoo Mail in 3 months. In the first incident, announced on September 22, a record 500 million accounts were breached, then the biggest breach in history. Then on October 4, it was revealed that Yahoo had willingly abetted the NSA in conducting indiscriminate mass surveillance on all Yahoo users. Finally, on December 15th, Yahoo shattered its own record by disclosing that over 1 billion accounts had been breached.
We have recently observed that, many people do not grasp the repercussions email breaches can have on their lives or on the lives of those around them. In the Yahoo breach, attackers gained access to users’ first and last names, telephone numbers, passwords, dates of birth and answers to their security questions. Let’s consider the case of Jane, a hypothetical Yahoo Mail user.
Because three years have elapsed between when the breach occurred (2013) and when it was discovered, attackers have had three years of time to stroll through her mail; read about any medical details she shared about her family, trips she took abroad, purchases she made, and any intimate details ever sent via her Yahoo account, not to mention compromise other accounts which share information such as security questions.
Email in particular is very sensitive because it is often the common thread that ties together our digital lives. Breaching an email account is equivalent to breaching all other accounts linked to that email, for example your Facebook, Amazon, or iTunes account, just to name a few.
The Yahoo breach is particularly bad because as recently as 2013, Yahoo was using the outdated md5 algorithm to hash passwords. md5 has been considered to be broken for over a decade and because Yahoo was using md5, the stolen credentials can be relatively easily cracked, magnifying the damage from the breach. Simply put, using md5 in 2013 was not only negligent, it shows an utter disregard for user safety.
Security by Design
Security is difficult. There’s no getting around this basic fact. Yet, there is still much that can be done to protect data. One of the best ways to protect data is to simply not have it. This is the approach that ProtonMail has taken with end-to-end encryption and why we are a more secure alternative to Yahoo Mail.
All ProtonMail inboxes are protected with end-to-end encryption, meaning that we don’t have the ability to read your messages. The benefit of this is that if ProtonMail is ever breached, attackers also will not be able to read your messages. In other words, an attacker cannot steal from us something that we do not have access to. We also utilize much stronger authentication that does not require password equivalent data to be transmitted over the network, greatly reducing the risk from an active Man-in-the-Middle attack.
This might seem like common sense, but end-to-end encryption is not utilized by Yahoo or Gmail. The reason is simple. End-to-end encryption makes it impossible to read user data, so it also makes it impossible to show advertisements effectively. The way Yahoo or Gmail figure out which advertisements to show you is by reading your email to learn about your interests and your life. Because Yahoo and Google derive the bulk of their revenue from showing ads, being able to read user data is more important than security. After all, you are the product that is being packaged and sold to advertisers.
We truly believe that the only chance to protect data in the digital age is to build systems that are secure by design. This means services should be built from the ground up with security as a central consideration, and not merely as an afterthought. Unfortunately, this concept just isn’t compatible with the ad-based business model of the majority of the Internet.
This is why ProtonMail is pioneering a different model as an alternative to Yahoo and Google. We cannot read your data, and we do not work with advertisers. Instead, ProtonMail is funded by the user community, either through donations or paid accounts. Because users and not advertisers are our priority, we are free to build an email service that puts security and privacy first.
We believe that data breaches will become increasingly common in the future due to the asymmetric nature of fighting cyberattacks. As there is no such thing as 100% security, no service, not even ProtonMail, is immune to data breaches. If you cannot eliminate a risk, the next best thing is to mitigate it.
In such an environment, companies have an obligation to act responsibly and use end-to-end encryption on as much data as possible, in addition to collecting as little data as possible. Unfortunately, if the trend of sacrificing privacy and security for advertising revenue continues, so will the trend of devastating data breaches. However, thanks to your support, we are now ushering in a new era for the Internet where security and privacy come first.
The ProtonMail Team
For questions and comment, you can reach us at firstname.lastname@example.org.
You can get a free secure email account from ProtonMail here.
Images in this blog post are provided under a free and unrestricted license.
Updated information regarding a third Yahoo breach announced on February 15th, 2017.
On February 15, 2017, Yahoo made an additional announcement following up on the previous hack disclosed in December. Yahoo announced that more user accounts (more than the original 1 billion that was originally reported), might have been compromised as a result of a technical trick that involves forging cookies. The attack works by tricking Yahoo that you have already been logged in, therefore an attacker doesn’t have to steal your password but can proceed directly to extracting data from your inbox. Yahoo did not specify how many more users were affected by it but mentioned that the attack might have happened sometime between 2015 and 2016.
If you have a Yahoo mail account, we recommend immediately taking the steps we outlined here to secure your Yahoo email address, or better yet, just delete your Yahoo account. This is the third major security incident involving Yahoo Mail and the fact that it occurred in 2016 means that Yahoo mail is likely still compromised. Thus, we recommend immediately switching to a more secure email provider.
Some users have written us with questions about whether or not ProtonMail is vulnerable to the flaw that caused Yahoo to get hacked. ProtonMail is not susceptible to the attack that hit Yahoo because our secure authentication scheme cannot be bypassed by forging cookies. We have published the technical details about our secure email authentication scheme.