Opera was hacked – server breach incident
The company revealed that attackers gained access to Opera Sync, a service that lets users synchronize their browser data and settings across multiple platforms. It is investigating the incident, but initially believes the attack may have compromised user data, including passwords and login names.
Opera counts 350 million users across its range products, but it said that a small portion of those use the Sync service. Last month, for example, it counted 1.7 million active Sync users, but more may have registered for it and, in doing so, provided Opera with data. The company has reset all passwords and emailed all registered Opera sync users with details.
Opera Sync is used to synchronize user data between different computers but it is apparently used by under “0.5% of the total Opera user base”. However, with a user base of 350 million this means that upwards of 1.7 million people could be affected.
“Although we only store encrypted (for synchronized passwords) or hashed and salted (for authentication) passwords in this system, we have reset all the Opera sync account passwords as a precaution,” it explained in a blog post.
Opera Security blog statement
In a statement on the Opera Security blog, Tarquin Wilton-Jones says:
Earlier this week, we detected signs of an attack where access was gained to the Opera sync system. This attack was quickly blocked. Our investigations are ongoing, but we believe some data, including some of our sync users’ passwords and account information, such as login names, may have been compromised.
Although we only store encrypted (for synchronized passwords) or hashed and salted (for authentication) passwords in this system, we have reset all the Opera sync account passwords as a precaution.
We have also sent emails to all Opera sync users to inform them about the incident and ask them to change the password for their Opera sync accounts. In an abundance of caution, we have encouraged users to also reset any passwords to third party sites they may have synchronized with the service.
To obtain a new password for Opera sync, use the password resetting page.
The total active number of users of Opera sync in the last month is 1.7 million, less than 0.5% of the total Opera user base of 350 million people.
The remaining Opera browser users who do not use Opera sync, do not need to take any actions.
We take your data security very seriously, and want to sincerely apologize for the inconvenience this might have caused.
Mail sent to millions of users
Dear Opera sync user,
We wanted to let you know that in order to protect your Opera sync account we have reset your password. In order to continue to synchronize your data, you will have to go to the Opera sync service and make a new one.
The reason we have done this is because we detected an attack on some of our Opera sync servers. Our investigations are continuing but we believe some of our users’ passwords (that are still encrypted or securely hashed) and account information such as login names may have been compromised. As a precautionary measure, we have reset all of the Opera sync users’ passwords. In an abundance of caution, we also encourage you to change any passwords to third party sites that you have synchronized through the Opera sync service.
To regain access to Opera sync, click “Forgot password” from the synchronize dialog in the Opera browser menu and then create a new password.
We take your data security very seriously and want to sincerely apologize for the inconvenience this might have caused you.
Thank you for your cooperation,
The Opera sync team
https://www.opera.com/blogs/security/
Suggestions and recommendations
All Opera Sync users affected by the breach have been informed about it via email. The email asks users to change the password to their Sync account as soon as possible
Please change your Opera account password!!!
