EFAIL Vulnerability

Recently, a vulnerability affecting many OpenPGP encryption tools named EFAIL was discovered by security researchers. However, Hushmail is not affected by this vulnerability and customers are protected from these attacks.

Hushmail uses email encryption based on OpenPGP, an open source end-to-end encryption standard. The OpenPGP standard protects against attacks like EFAIL by supporting authenticated encryption. The EFAIL vulnerability works by attacking programs and plug-ins which support older implementations of OpenPGP which do not enforce authenticated encryption.

We do not maintain backwards compatibility with older implementations of OpenPGP and therefore are not affected by this vulnerability. We always enforce authenticated encryption and therefore, our customers are protected against EFAIL and related attacks.