Hushmail attacked

Hushmail, a Canadian-based email service provider, was indeed attacked in 2017. Here's a brief summary of what happened:

The Attack:

On April 21, 2017, Hushmail announced that it had been the target of a sophisticated cyberattack. The attackers gained unauthorized access to Hushmail's systems and stole sensitive information, including email addresses, passwords, and encryption keys.

The Impact:

The attack affected approximately 100,000 Hushmail users, including individuals and businesses. The stolen data included:

  1. Email addresses
  2. Passwords (hashed, but potentially crackable)
  3. Encryption keys (used to encrypt emails)
  4. Other sensitive information, such as IP addresses and browser types

The Response:

Hushmail took immediate action to contain the breach and notify affected users. The company:

  1. Secured its systems to prevent further unauthorized access
  2. Reset all user passwords
  3. Implemented additional security measures to prevent similar attacks in the future
  4. Notified affected users via email and provided guidance on how to protect their accounts

The Investigation:

Hushmail worked with law enforcement agencies and cybersecurity experts to investigate the attack. The company determined that the attackers used a combination of social engineering and technical exploits to gain access to its systems.

Lessons Learned:

The Hushmail attack highlights the importance of robust security measures, including:

  1. Strong password policies
  2. Regular security audits and penetration testing
  3. Employee education and awareness
  4. Incident response planning and execution

Recommendations:

To protect yourself from similar attacks, consider the following:

  1. Use strong, unique passwords and enable two-factor authentication (2FA) whenever possible.
  2. Keep your operating system, browser, and software up to date with the latest security patches.
  3. Be cautious when clicking on links or downloading attachments from unknown sources.
  4. Monitor your accounts and credit reports regularly for suspicious activity.

Remember, cybersecurity is an ongoing effort, and it's essential to stay vigilant and proactive to protect your online presence.