Over the weekend, ongoing DDoS attacks and an infrastructure problem resulted in downtime for hundreds of users. While most of the DDoS attacks were mitigated, the IP blocking set up to combat the attacks was too strict, which resulted in hundreds of users not having access to Tutanota for several hours. Tutanota apologized deeply for this mistake; it has now been fixed. At this point they want to briefly explain why they had to set up the DDoS measures, what the progress has been like so far and what you can expect as the next steps.
Progress On The DDoS Measures
So far the company has improved the infrastructure enormously. However, this weekend Tutanota made a mistake while improving the system that contains DDoS attacks. This error led to an overreaction of the DDoS mitigation system, which then led to IP blocks even for normal users. As a result, hundreds of users were unable to access Tutanota.
The attacker was targeting the DNS providers that host Tutanota's entries. As a result, the providers' servers were offline. Tutanota immediately tried to update the DNS entries and move them to another provider, but initially this did not work because the entries were blocked by one of the hosting providers. The DNS for the domain could not be changed, so the service was not available until the change could be achieved.
“This is an attack on our freedom and our right to privacy,” says a co-founder of Tutanota. Tutanota provides a secure means of communication for users around the world. These constant attacks against Tutanota seem to have only one goal: to stop citizens from using encrypted email. Combined with scanned DNS for the domain on various DNS servers, the attacks resulted in hours of downtime for millions of users.