Hi,
I'm just wondering if the admin who posted the warning message about protonmail being unsafe to use could elaborate more please?
As a web developer, the issue outlined in the warning makes very little sense. I have a feeling that the admin who issued the message may be the victim of a "man-in-the-browser" attack (MITB). This is caused by malware running on the users local machine, most likely created by someone targeting DBG.
Protonmail uses end-to-end encryption, so the concept of emails being intercepted by a scammer is impossible unless a man-in-the-browser attack is being used or vendors have had their protonmail passwords phished and accounts compromised, but this seems extremely unlikely on a wide scale.
Another possibility could be a data breach and leak of protonmail accounts and passwords, but this would have been widely reported on in the tech community, plus protonmail uses bcrypt to hash user passwords, so passwords being leaked in plain text would be next to impossible even if a data breach had occurred.
I'd recommend using Malwarebytes to scan for MITB malware on your machine.
I'm just wondering if the admin who posted the warning message about protonmail being unsafe to use could elaborate more please?
As a web developer, the issue outlined in the warning makes very little sense. I have a feeling that the admin who issued the message may be the victim of a "man-in-the-browser" attack (MITB). This is caused by malware running on the users local machine, most likely created by someone targeting DBG.
Protonmail uses end-to-end encryption, so the concept of emails being intercepted by a scammer is impossible unless a man-in-the-browser attack is being used or vendors have had their protonmail passwords phished and accounts compromised, but this seems extremely unlikely on a wide scale.
Another possibility could be a data breach and leak of protonmail accounts and passwords, but this would have been widely reported on in the tech community, plus protonmail uses bcrypt to hash user passwords, so passwords being leaked in plain text would be next to impossible even if a data breach had occurred.
I'd recommend using Malwarebytes to scan for MITB malware on your machine.
Last edited by a moderator: