Germany-based secure email provider Tutanota was the victim of a sophisticated DDoS attack that affected its service for several hours. The multi-layered attack took place on 15th August and caused Tutanota servers to go offline. Some users continued to face connectivity issues for at least two more days after the attack was mitigated by the Tutanota team.
As a result of the attack, Tutanota was listed in some spam lists for at least two days. Tutanota said it had contacted spam list owners to have itself removed from those lists.
In a blog post, Tutanota’s co-founder Matthias shared details of the attack which led to the longest downtime of the service in recent years. He said no data was lost or breached and there was no need to change passwords.
“We do not know who is behind the attack or why they attacked Tutanota. It looks like someone wants to prevent all of you from using secure and private email, but we won’t let that happen,” wrote Matthias. “We are committed to fighting for your privacy on all ends.”
Launched in 2011, Tutanota still does not support offline emails. A user has to remain online to access emails, which is not always possible. If the email provider itself goes offline, as happened during the DDoS attack, users are left without their emails. IMAP connectivity is also not supported, and users have to use Tutanota apps to access their emails. Offline availability remains on Tutanota’s roadmap, but users have yet to hear anything concrete about when it will become a reality. After the recent incident, offline availability was moved higher in priority, according to a response on Reddit.
Additionally, a status page showing service availability or disruptions is also absent, leaving users in the dark until the email service shares some information. The blog post explaining the DDoS incident addressed this, saying that because Tutanota is a privacy-first email service, it can’t use Google services to host a status page like most services do, and that it was looking for a privacy-friendly option.
Nevertheless, Tutanota is a trusted and reliable service that offers end-to-end encrypted emails. Their service has managed to remain online with around 99% availability on average. With the DDoS attack having taken down the service for several hours, Tutanota is reviewing and improving their DDoS protection, according to Matthias.