Encrypted email service, Tutanota suffered a series of DDoS attacks that initially targeted the website and later its DNS providers.
The company currently has over 2 million users, some of them were not able to access the service for several hours.
The first DDoS attacks targeted Tutanota on the weekend before September 14th, following the attacks a few hundred users were not able to access the service. The company quickly mitigated the attacks by restricting an “overreacting IP-block” responsible for the attack.
“This weekend continuous DDoS attacks and an infrastructure issue led to donwtimes for hundreds of users. While we were able to mitigate most of the DDoS, an overreacting IP-block to fight the attacks led to hundreds of users not being able to access Tutanota for multiple hours this Sunday. ” reads a blog post published by Tutanota.
The company explained it has enhanced anti-DDoS measures which should make it quicker to such kinds of attacks in the future.
“We are now able to mitigate most attacks within short times,” continues the post.
In the second wave of attacks, threat actors hit the DNS provider which hosts records for Tutanota, instead of the company servers.
“After multiple direct attacks on Tutanota, the attacker yesterday aimed at two providers that host the Tutanota DNS records.” reads a second post published by the German company.
“As a result these providers went down. We quickly tried to update our DNS records and host them at another provider. This did not work initially because the DNS entries got locked at one of the DNS hosting providers.”
Due to the DDoS attacks, the DNS providers were down and the company was not able to change the DNS entries for its domain. Millions of users were not able to access their Tutanota accounts.
“While we were moving another domain to a different registrar, our tutanota.com domain got unlocked again. We then registered our domain on a third, more robust DNS hosting provider that is able to hold against the ongoing attacks.” continues the post. “We have updated our DNS records, and universal access has finally been restored Thursday morning around 7:30 CET.”
The company explained that due to the intermittent outages several emails sent to its users may have not been delivered.
Tutanota confirmed that no user data was compromised following the attacks, it also added that it is still suffering accessibility issues.
“Issues that are remaining now are caused by caching and propagation: Each DNS server does not ask for the next update, until the old DNS entry expires. Some servers cached old nameservers during the time that our domain was locked.” concluded the post.
“This is the reason why Tutanota is still not accessible for some users, even though our status page says that everything is up and running. DNS entries are slowly propagating so that soon all users can access Tutanota again.”
(SecurityAffairs – hacking, Tutanota)