On April 3rd a vulnerable version of Tutanota was released. We were notified about the issue three days later by one of our users and fixed it immediately. Now, all affected versions of Tutanota have been disabled and we would like to inform you about the issue for full transparency.

https://tutanota.com/blog/fixed-vulnerability