Encrypted email service Tuta was the victim of several DDoS attacks this week.
The Germany-based provider first announced the incident with a message on X on Tuesday, December 3, 2024, with another attack causing service downtime two days later. Tuta is said to have successfully repelled both attacks, but some users are still complaining about problems accessing their accounts or using the service.
Short for Distributed Denial of Service, the goal of a DDoS attack is to make a website, service or machine inaccessible to users. Cybercriminals achieve this by flooding the targeted network with Internet traffic, overwhelming their ability to continue serving legitimate requests.
The impact on Tuta users
“Although we have to continuously mitigate DDoS attacks, and usually do so without users noticing, the attackers used new attack vectors that our DDoS protection system was not prepared for,” Hanna Bozakov, press officer at Tuta, told Ny Breaking, in commentary on this. incidents of the week.
DDoS attacks cause downtime on targeted networks because they can no longer respond to user queries. Practically speaking, people using Tuta services were unable to access their accounts.
Although Tuta users were unable to access their mailboxes for some time, Bozakov ensures that emails received during the attack were not lost or users’ privacy compromised. She said: “(User data) is end-to-end encrypted on our servers and no data has been damaged. The attacks only target the availability of our service.”
The team is currently working to strengthen its systems against these types of attacks. However, Matthias Pfau, co-founder of Tuta, explains that these incidents are among the challenges of building a privacy-focused, secure email service.
He said: “Because we are a privacy-focused service, we cannot simply hide our application behind mitigation services that require our SSL key for their service. This would be a violation of the trust that users place in Tuta Mail to store their data. safe and private.”
Tuta’s sub-Reddit group is filled with frustrated customers reporting connectivity issues as of Monday, with the latest report shared just a few hours ago.
However, the provider confirms that the attacks have now weakened. At the time of writing it is Tuta’s status page also confirmed that “all systems are operational.”
If you are still having trouble accessing your inbox, it may mean that your IP address was blocked during the attacks by Tuta’s DDoS protection system.
One of the best VPN apps could help here, as it spoofs your IP address by assigning you a different one for each session. However, keep in mind that VPNs could also have been blocked by Tuta’s mitigation systems, as many people tried to use them during the attack.
Bozakov then suggests that you would rather use a completely different connection to access your Tuta’s app, such as a different Wi-Fi network or mobile internet data.
The provider is still analyzing the attacks at the time of writing and will publish a detailed report of what happened in the coming days.