On Friday, Opera, published a security alert to warn its users that the Opera Sync service might have been breached. In response to the alleged incident, Opera forced a password reset for all Sync users that were informed via mail of suspicious activity with their accounts.
“Earlier this week, we detected signs of an attack where access was gained to the Opera sync system. This attack was quickly blocked. Our investigations are ongoing, but we believe some data, including some of our sync users’ passwords and account information, such as login names, may have been compromised.” states the security advisory.
Opera clarified that passwords in the system used for authentication are hashed and salted with per-user salts, however, the company hasn’t provided any information about the hashing process for the authentication passwords.
“Although we only store encrypted (for synchronized passwords) or hashed and salted (for authentication) passwords in this system, we have reset all the Opera sync account passwords as a precaution.” continues the advisory.
The company informed users to have promptly blocked the attacks, its experts are investigating the incident.
Internal security staff believes that some users’ data, including login credentials, may have been compromised.
The company reset all Opera Sync account passwords and sent emails suggesting them to change any third-party passwords that were synchronized with the service.
According to Opera, 1.7 million users could be impacted by the Sync security breach, less than 0.5% of the total Opera user base of 350 million people.
As usual, Opera Sync users that share their credentials among multiple sites are advised to change their passwords for those sites as soon as possible.
(Security Affairs – Opera, security breach)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.