Issues with ECB are not unknown. In its Announcement of Proposal to Revise Special Publication 800-38A, NIST wrote, “The ECB mode encrypts plaintext blocks independently, without randomization; therefore, the inspection of any two ciphertext blocks reveals whether or not the corresponding plaintext blocks are equal… the use of ECB to encrypt confidential information constitutes a severe security vulnerability.”

Sintonen comments, “Attackers who are able to get their hands on multiple messages can use the leaked ECB info to figure out the encrypted contents. More emails make this process easier and more accurate.”