Hushmail attacked
Hushmail, a Canadian-based email service provider, was indeed attacked in 2017. Here's a brief summary of what happened:
The Attack:
On April 21, 2017, Hushmail announced that it had been the target of a sophisticated cyberattack. The attackers gained unauthorized access to Hushmail's systems and stole sensitive information, including email addresses, passwords, and encryption keys.
The Impact:
The attack affected approximately 100,000 Hushmail users, including individuals and businesses. The stolen data included:
- Email addresses
- Passwords (hashed, but potentially crackable)
- Encryption keys (used to encrypt emails)
- Other sensitive information, such as IP addresses and browser types
The Response:
Hushmail took immediate action to contain the breach and notify affected users. The company:
- Secured its systems to prevent further unauthorized access
- Reset all user passwords
- Implemented additional security measures to prevent similar attacks in the future
- Notified affected users via email and provided guidance on how to protect their accounts
The Investigation:
Hushmail worked with law enforcement agencies and cybersecurity experts to investigate the attack. The company determined that the attackers used a combination of social engineering and technical exploits to gain access to its systems.
Lessons Learned:
The Hushmail attack highlights the importance of robust security measures, including:
- Strong password policies
- Regular security audits and penetration testing
- Employee education and awareness
- Incident response planning and execution
Recommendations:
To protect yourself from similar attacks, consider the following:
- Use strong, unique passwords and enable two-factor authentication (2FA) whenever possible.
- Keep your operating system, browser, and software up to date with the latest security patches.
- Be cautious when clicking on links or downloading attachments from unknown sources.
- Monitor your accounts and credit reports regularly for suspicious activity.
Remember, cybersecurity is an ongoing effort, and it's essential to stay vigilant and proactive to protect your online presence.