Hey guys and gals, just wanted to give you all a warning about an experience I’ve been struggling with for the past 2 weeks.
TL;DR: DO NOT USE PASS AS YOUR PROTON 2FA
This may be obvious to some folk, but I have been locked out from my account now for 2 weeks. All my 2FA for important accounts were in my pass so I’m sure everything is getting compromised while I sit locked out of my email, password manager, and my sanity.
Worst part is I had emailed proton immediately when my phone started acting funny. I didn’t change my password because I was worried that the biometrics was the only thing letting me sign in. I changed passwords within pass but the logs looked like it was all being viewed by the hacker anyways.
Well, after begging support to call or text me, it took a week before they shut down my account for security concerns. They then asked me to provide an insane amount of information to confirm it was me. Who I emailed recently, accounts and programs I used to sign in recently and my purchase date, amount and information. Luckily I used PayPal qne was able to find it from 2 years ago. When they respond, it’s been at 2-4am and it’s telling me more more more. I gave them everything they asked for and they have ghosted me for days now.
I literally gave you all the details and I even have the yubikey used for the account. That should be proof enough and I honestly have no idea how they even circumvented the yubikey?
I’m literally so disappointed with the quality of customer support from you guys and I am a premium subscriber for years. I practiced impeccable password hygiene with your app, making aliases for all accounts and strong passwords with 2FA. I didn’t store my password anywhere for my proton account, it’s in my head and password book. I could have been socially engineered but sentinel should have blocked my account and handled it when I reached out, not after a week and then longer because I still haven’t heard back.
If you claim to be all about security but don’t respond to security emergencies with any urgency then idk why I’m paying for your service. You don’t have any phone support which is insane to me. I understand my $200 helps pay for others, but I need help for me!
I am completely lost right now as my reliance on alias and strong passwords have all been placed on pass and now I know nothing. I can’t change passwords because I don’t know the email alias I used or the 2FA code.
Please please please let me back in with my security key which should be the cherry on top of the excessive information you already had me give you, 4 days ago.
How did they circumvent the yubikey anyways?
Please help me