Missing Emails Restored

Share this page

As we reported earlier on our blog, we had an incident which caused some emails from over a 20 hour period to disappear.

Immediately afterwards, we initiated data recovery steps and within a day, we were able to recover the data and begin restoring emails into users accounts. On Saturday, we finally finished restoring emails to the last impacted accounts.

Our goal is to maintain 100% data availability and we apologize to those users who weren’t able to access some emails for a couple days while we worked on the recovery. Needless to say, a number of steps have been taken to avoid a repeat of this problem and we have strengthened our standard operating procedures (SOP) to include even more safeguards.

Technical Details

The root cause was found to be a Linux service called monit which automatically restarts services when it detects them to be crashed or is otherwise not running for some reason.

In our SOP, the first step for most procedures is to shut down monit. However, when one of our new engineers went to perform some changes on Monday, this was not done. The database changes we were doing on Monday required the database server to be shut down for a period of time, and the commands to do this were indeed issued. However, since monit was still running, the database server was automatically turned back on unbeknownst to the engineer. As a result, changes were made on a running database leading to data corruption.

While it is easy to lay blame on an individual engineer for not following the SOP, there are also organizational deficiencies that allowed this lapse to occur. The team as a whole is under immense time pressure to work quickly and support more users, so shortcuts were tolerated. This was generally OK because the core developers understood the system very well and knew with certainty which steps could be skipped without risk. However, we also inadvertently created an environment for new employees where the SOP was treated a guideline and not rules that had to be followed to the letter.

To remedy this situation, we have now enacted new regulations where changes on the production systems can only be made with the approval of ALL core developers. Furthermore, SOP shortcuts will no longer be tolerated, regardless of who is making the change.

These changes will inevitably slightly slow down our development and scaling process, but as a group, our core priorities are security and reliability and these must come before all other considerations. We would like to thank everybody (especially those still on the waiting list) for their understanding.

As a side note, we are also actively looking to grow our team so we can develop Proton Mail faster, if you or somebody you know is interested, please check out our current job openings(new window).

Secure your emails, protect your privacy
Get Proton Mail free

Share this page

Andy Yen

Andy is the founder and CEO of Proton. He is a long-time advocate for privacy rights and has spoken at TED, Web Summit, and the United Nations about online privacy issues. Previously, Andy was a research scientist at CERN and has a PhD in particle physics from Harvard University.

Related articles

A digital signature on a document is like a virtual fingerprint that verifies the identity of the person or entity that signed it. Unlike handwritten signatures, which you can easily forge, digital signatures are highly secure because they’re protec
Many people who use Apple products assume their data is private because of the company’s aggressive marketing on the topic. “Some things shouldn’t be shared. iPhone helps keep it that way,” goes one famous ad. “Privacy. That’s iPhone.” But if you u
Whether it’s personal documents such as your birth certificate or confidential business files like work contracts, we all have sensitive documents we need to store securely. With so many storage options available, it’s important to understand the dif
At Proton Mail, your security is our number one priority. Normally, this means protecting your inbox from unauthorized outside access. However, rather than trying to hack your software, phishing emails try to hack you. By spoofing emails from trusted
Learn all about email clients and why you might use one instead of webmail. If you’ve used an app like Gmail on your mobile phone or Outlook on your computer, you’ve used an email client. We explain how an email client works and the pros and cons of
No email service is completely anonymous. Learn how to send an email as anonymously as possible using private email, aliases, and a VPN or Tor. Do you need to send an email without revealing who you are? Unfortunately, you can’t just sign up for a f