{"id":585,"date":"2018-05-14T17:50:46","date_gmt":"2018-05-14T17:50:46","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/28950\/Decade-Old-Efail-Attack-Can-Decrypt-Previously-Obtained-Encyrpted-Emails.html"},"modified":"2018-05-14T17:50:46","modified_gmt":"2018-05-14T17:50:46","slug":"decade-old-efail-attack-can-decrypt-previously-obtained-encyrpted-emails","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/decade-old-efail-attack-can-decrypt-previously-obtained-encyrpted-emails\/","title":{"rendered":"Decade-Old Efail Attack Can Decrypt Previously Obtained Encyrpted Emails"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2018\/05\/efail-demo-795x498.png\"\/><\/p>\n<div class=\"caption-credit\">Sebastian Schinzel<\/div>\n<aside id=\"social-left\"><a title=\"41 posters participating, including story author.\" class=\"comment-count icon-comment-bubble-down\" href=\"https:\/\/arstechnica.com\/information-technology\/2018\/05\/decade-old-efail-attack-can-decrypt-previously-obtained-encrypted-e-mails\/?comments=1\"><span class=\"comment-count-before\">reader comments<\/span> <span class=\"comment-count-number\">56<\/span><\/a><\/p>\n<div class=\"share-links\"><span>Share this story<\/span> <\/div>\n<\/aside>\n<p>Unfixed bugs in widely used email programs make it possible for attackers to obtain the plaintext of messages that are encrypted using the PGP and S\/MIME standards, researchers said early Monday morning. The attacks assume that an attacker has possession of the encrypted emails and can trick either the original sender or one of the recipients into opening an invisible snippet of the intercepted message in a new email.<\/p>\n<aside class=\"pullbox sidebar story-sidebar right\">\n<\/aside>\n<p>The flaws, some of which have existed for more than a decade, are part of a series of vulnerabilities dubbed Efail described by a team of European researchers. The vulnerabilities allow attackers to exfiltrate email plaintexts by embedding the previously obtained ciphertext into unviewable parts of an email and combining it with HTML coding. Earlier on Monday, the researchers and the Electronic Frontier Foundation issued an <a href=\"https:\/\/arstechnica.com\/information-technology\/2018\/05\/critical-pgp-and-smime-bugs-can-reveal-encrypted-e-mails-uninstall-now\/\">advisory recommending PGP and S\/MIME users disable the encryption in their email clients<\/a> but had planned to wait until Tuesday to provide technical details of the vulnerabilities. Within hours, the researchers published the paper, which is titled <a href=\"https:\/\/efail.de\/efail-attack-paper.pdf\"><em>Efail: Breaking S\/MIME and OpenPGP Email Encryption using Exfiltration Channels<\/em><\/a>.<\/p>\n<p>The most serious vulnerabilities have resided in Thunderbird, macOS Mail, and Outlook for more than 10 years and remain unfixed at the moment, the researchers said. Flaws in the way the programs handle emails with multiple body parts make it possible to embed invisible snippets of previously obtained encrypted text in new emails. By also including the Web address of an attacker-controlled server, the newly sent emails can cause the programs to send the corresponding plaintext to the server. The surreptitious exfiltration works against both the PGP and S\/MIME standards.<\/p>\n<p>\u201cIf you use PGP or S\/MIME for sensitive information then this is a big deal,\u201d Matt Green, a professor specializing in encryption at Johns Hopkins University, told Ars on Monday. \u201cIt means that those emails are potentially not secure. There is a real attack that can be exploited by people that allows them to decrypt a lot of encrypted email.\u201d<\/p>\n<p>So far the researchers have been unable to develop a working exploit that works when emails are viewed as text rather than in HTML. That means a less disruptive way to mitigate the vulnerability is to disable HTML in email clients. The researchers said they believe it may be possible to exfiltrate plaintext even when HTML is disabled using several different methods. One involves attaching malicious PDF or Microsoft Word documents that exfiltrate itself when opened. Another potential method might make small changes to the plaintext to call it to leak to a server.<\/p>\n<p>The researchers said they made the more drastic recommendation to temporarily disable PGP in email apps out of an abundance of caution. Even when people follow such advice, it&#8217;s still possible to send and receive encrypted mail, as long as the encrypting and decrypting happens in in an application that&#8217;s separate from the email client. EFF has much more advice <a href=\"https:\/\/www.eff.org\/deeplinks\/2018\/05\/not-so-pretty-what-you-need-know-about-e-fail-and-pgp-flaw-0\">here<\/a>.<\/p>\n<p>The following videos show Efail exploiting Thunderbird and Mac Mail. The videos are narrated by Sebastian Schinzel, a professor of computer security at M\u00fcnster University of Applied Sciences and one of the authors of the paper.<\/p>\n<div class=\"wrapper\"><iframe loading=\"lazy\" type=\"text\/html\" width=\"560\" height=\"315\" src=\"https:\/\/www.youtube.com\/embed\/O0IVgY2rFC0?rel=0?start=0&amp;wmode=transparent\" frameborder=\"0\" allowfullscreen=\"\">[embedded content]<\/iframe><\/div>\n<div class=\"caption-text\">Demonstration Efail against Thunderbird.<\/div>\n<div class=\"wrapper\"><iframe loading=\"lazy\" type=\"text\/html\" width=\"560\" height=\"315\" src=\"https:\/\/www.youtube.com\/embed\/YWWUbdnHrmQ?rel=0?start=0&amp;wmode=transparent\" frameborder=\"0\" allowfullscreen=\"\">[embedded content]<\/iframe><\/div>\n<div class=\"caption-text\">Efail demo on Apple Mail.<\/div>\n<p>The requirement that an attacker already have possession of an encrypted message is an important consideration. It means that the attacker would first have to break into an email server, take over an email account, intercept traffic as it crossed the Internet, or have access to a hard drive storing a previously sent email. The attacker would then have to get the sender or one of the receivers of the previously obtained message to open a new attacker-sent email. The new email would embed portions of the ciphertext in places that often aren&#8217;t displayed by Thunderbird, Mail, Outlook, and more than two-dozen other email programs. When done properly, the attack causes the corresponding plaintext of those snippets to be displayed on an attacker-controlled server.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2018\/05\/e-mail-clients-efail.png\" width=\"510\" height=\"811\"\/><\/p>\n<p>While the requirement that attackers have access to previously sent emails is an extremely high bar, the entire purpose of both PGP and S\/MIME is to protect users against this possibility. Ars will have much more coverage of the efail vulnerabilities, and the researchers have more information <a href=\"https:\/\/efail.de\/\">here<\/a>.<\/p>\n<p>In an email sent two hours after this post went live, Ryan Sipes, the community manager for the developer group that maintains Thunderbird, wrote: &#8220;A patch that addresses the last known exploit vector has been submitted, and is currently in review and being tested. We expect to see this land in an update to our users before the end of the week.&#8221; Apple representatives haven&#8217;t respond to a request for comment.<\/p>\n<p>READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/28950\/Decade-Old-Efail-Attack-Can-Decrypt-Previously-Obtained-Encyrpted-Emails.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":586,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[419],"class_list":["post-585","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlineprivacyemailflawcryptography"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Decade-Old Efail Attack Can Decrypt Previously Obtained Encyrpted Emails 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/decade-old-efail-attack-can-decrypt-previously-obtained-encyrpted-emails\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Decade-Old Efail Attack Can Decrypt Previously Obtained Encyrpted Emails 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/decade-old-efail-attack-can-decrypt-previously-obtained-encyrpted-emails\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2018-05-14T17:50:46+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/decade-old-efail-attack-can-decrypt-previously-obtained-encyrpted-emails.png\" \/>\n\t<meta property=\"og:image:width\" content=\"760\" \/>\n\t<meta property=\"og:image:height\" content=\"270\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/decade-old-efail-attack-can-decrypt-previously-obtained-encyrpted-emails\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/decade-old-efail-attack-can-decrypt-previously-obtained-encyrpted-emails\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Decade-Old Efail Attack Can Decrypt Previously Obtained Encyrpted Emails\",\"datePublished\":\"2018-05-14T17:50:46+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/decade-old-efail-attack-can-decrypt-previously-obtained-encyrpted-emails\\\/\"},\"wordCount\":808,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/decade-old-efail-attack-can-decrypt-previously-obtained-encyrpted-emails\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/decade-old-efail-attack-can-decrypt-previously-obtained-encyrpted-emails.png\",\"keywords\":[\"headline,privacy,email,flaw,cryptography\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/decade-old-efail-attack-can-decrypt-previously-obtained-encyrpted-emails\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/decade-old-efail-attack-can-decrypt-previously-obtained-encyrpted-emails\\\/\",\"name\":\"Decade-Old Efail Attack Can Decrypt Previously Obtained Encyrpted Emails 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/decade-old-efail-attack-can-decrypt-previously-obtained-encyrpted-emails\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/decade-old-efail-attack-can-decrypt-previously-obtained-encyrpted-emails\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/decade-old-efail-attack-can-decrypt-previously-obtained-encyrpted-emails.png\",\"datePublished\":\"2018-05-14T17:50:46+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/decade-old-efail-attack-can-decrypt-previously-obtained-encyrpted-emails\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/decade-old-efail-attack-can-decrypt-previously-obtained-encyrpted-emails\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/decade-old-efail-attack-can-decrypt-previously-obtained-encyrpted-emails\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/decade-old-efail-attack-can-decrypt-previously-obtained-encyrpted-emails.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/decade-old-efail-attack-can-decrypt-previously-obtained-encyrpted-emails.png\",\"width\":760,\"height\":270},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/decade-old-efail-attack-can-decrypt-previously-obtained-encyrpted-emails\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,privacy,email,flaw,cryptography\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlineprivacyemailflawcryptography\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Decade-Old Efail Attack Can Decrypt Previously Obtained Encyrpted Emails\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Decade-Old Efail Attack Can Decrypt Previously Obtained Encyrpted Emails 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/decade-old-efail-attack-can-decrypt-previously-obtained-encyrpted-emails\/","og_locale":"en_US","og_type":"article","og_title":"Decade-Old Efail Attack Can Decrypt Previously Obtained Encyrpted Emails 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/decade-old-efail-attack-can-decrypt-previously-obtained-encyrpted-emails\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2018-05-14T17:50:46+00:00","og_image":[{"width":760,"height":270,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/decade-old-efail-attack-can-decrypt-previously-obtained-encyrpted-emails.png","type":"image\/png"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/decade-old-efail-attack-can-decrypt-previously-obtained-encyrpted-emails\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/decade-old-efail-attack-can-decrypt-previously-obtained-encyrpted-emails\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Decade-Old Efail Attack Can Decrypt Previously Obtained Encyrpted Emails","datePublished":"2018-05-14T17:50:46+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/decade-old-efail-attack-can-decrypt-previously-obtained-encyrpted-emails\/"},"wordCount":808,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/decade-old-efail-attack-can-decrypt-previously-obtained-encyrpted-emails\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/decade-old-efail-attack-can-decrypt-previously-obtained-encyrpted-emails.png","keywords":["headline,privacy,email,flaw,cryptography"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/decade-old-efail-attack-can-decrypt-previously-obtained-encyrpted-emails\/","url":"https:\/\/www.threatshub.org\/blog\/decade-old-efail-attack-can-decrypt-previously-obtained-encyrpted-emails\/","name":"Decade-Old Efail Attack Can Decrypt Previously Obtained Encyrpted Emails 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/decade-old-efail-attack-can-decrypt-previously-obtained-encyrpted-emails\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/decade-old-efail-attack-can-decrypt-previously-obtained-encyrpted-emails\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/decade-old-efail-attack-can-decrypt-previously-obtained-encyrpted-emails.png","datePublished":"2018-05-14T17:50:46+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/decade-old-efail-attack-can-decrypt-previously-obtained-encyrpted-emails\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/decade-old-efail-attack-can-decrypt-previously-obtained-encyrpted-emails\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/decade-old-efail-attack-can-decrypt-previously-obtained-encyrpted-emails\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/decade-old-efail-attack-can-decrypt-previously-obtained-encyrpted-emails.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/decade-old-efail-attack-can-decrypt-previously-obtained-encyrpted-emails.png","width":760,"height":270},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/decade-old-efail-attack-can-decrypt-previously-obtained-encyrpted-emails\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,privacy,email,flaw,cryptography","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlineprivacyemailflawcryptography\/"},{"@type":"ListItem","position":3,"name":"Decade-Old Efail Attack Can Decrypt Previously Obtained Encyrpted Emails"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/585","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=585"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/585\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/586"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=585"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=585"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=585"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}