For me it boils down to the quality of their explanation and how they intend to mitigate future attacks. 10 hours was way too much, especially with poor communication, but as TenFour pointed out, pretty much all the services have been hit by these kinds of attacks. The difference is how they managed the post mortem and adjusted. In FastMail's case, for example, they handled it with tremendous transparency and detail, which I really appreciated. Long-time FastMail subscribers may remember Bron Gondwana's (now the CEO) really detailed accounts, which went a long way to building trust when there were problems. Tutanota needs to take a page out of FastMail's book for this situation and give their customers transparency and a good plan going forward. If this is brushed under the carpet, I'd agree completely with evfrson that it's not worth renewing a subscription.
As it is, I had been planning on pointing a few domains over to Tutanota since I had grown to like them during my testing phase with a little paid account, but for now that's on hold until I see what happens next. Crossing fingers they post a good update about the incident soon.
|