On Friday, Opera, published a security alert to warn its users that the Opera Sync service might have been breached. In response to the alleged incident, Opera forced a password reset for all Sync users that were informed via mail of suspicious activity with their accounts.
“Earlier this week, we detected signs of an attack where access was gained to the Opera sync system. This attack was quickly blocked. Our investigations are ongoing, but we believe some data, including some of our sync users’ passwords and account information, such as login names, may have been compromised.” states the security advisory.
Opera clarified that passwords in the system used for authentication are hashed and salted with per-user salts, however, the company hasn’t provided any information about the hashing process for the authentication passwords.
“Although we only store encrypted (for synchronized passwords) or hashed and salted (for authentication) passwords in this system, we have reset all the Opera sync account passwords as a precaution.” continues the advisory.
The company informed users to have promptly blocked the attacks, its experts are investigating the incident.
Internal security staff believes that some users’ data, including login credentials, may have been compromised.
The company reset all Opera Sync account passwords and sent emails suggesting them to change any third-party passwords that were synchronized with the service.
According to Opera, 1.7 million users could be impacted by the Sync security breach, less than 0.5% of the total Opera user base of 350 million people.
As usual, Opera Sync users that share their credentials among multiple sites are advised to change their passwords for those sites as soon as possible.
(Security Affairs – Opera, security breach)