On March 18, White House employee Ryan McAvoy forgot at the bus stop a sheet with the address and password from the encrypted email ProtonMail. Employees of The Intercept confirmed that they received a leaflet with the user’s data from the source who found it at the bus stop.
The finder managed to confirm the authenticity of the address and password from e-mail. The White House employee wrote them on plain writing paper from a letterhead. For publication in the media, the authors had to close personal data in order not to expose the owner of the mail.
It is not known whether the disclosed email was used for work or only for personal purposes. As noted by Gizmodo, ProtonMail is an encrypted e-mail from Switzerland, which uses end-to-end encryption to prevent hackers from accessing emails during hacking. The publication added that the use of such services violates the law on the storage of federal records on the territory of the agency.
On the night of March 20, ProtonMail issued a statement about the incident, which called on users “not to be such idiots with respect to passwords.”
Do not write down the password on a piece of paper and do not lose this sheet. Enable two-factor authentication. Without a good password check, no encryption will protect your data. We strongly recommend that you read our safety manual. In other words, do not be like that guy.
The company added that they do not share customer information with third parties and advertisers, nor violate the law on the storage of federal records. According to ProtonMail, politicians and officials have the right to own personal mail with encryption, since this does not violate the law. The White House did not give any comments.