[BreachExchange] Opera cloud servers hacked, passwords and account details feared compromised

Audrey McNeil audrey at riskbasedsecurity.com
Mon Aug 29 19:57:36 EDT 2016


https://wetechgeeks.wordpress.com/2016/08/27/opera-cloud-
servers-hacked-passwords-and-account-details-feared-compromised/

If you’ve been using Opera’s cloud sync service, your password and other
sensitive data might have been hacked. Opera confirmed the mid-week server
breach on Friday, saying “this attack was quickly blocked” but that “we
believe some data, including some of our sync users’ passwords and account
information, such as login names, may have been compromised.”

Opera has already reset all Opera sync account passwords as a precaution
and sent emails to all Opera sync users informing them of the breach and
advising they change their passwords as soon as possible. You can do that
via the button below. Just to be safe, Opera is also encouraging users to
change any other third-party site passwords that might sync with Opera’s
service.

Even though the passwords that may have been intercepted are either
encrypted synchronized passwords or hashed and salted authentication
passwords, the fact that the hackers may have also accessed the account
passwords and account details at the same time means that if there was ever
any possibility of decrypting those passwords, this would be it.

As if to mitigate the severity of the issue, Opera noted in a blog post
that in the last month, less than 0.5% of Opera’s total user base were
using its sync service. But that’s still 1.7 million people. On the plus
side, if you’re one of the 350 million Opera users that don’t use Opera
sync, there’s nothing you need to do as your account details and passwords
are unaffected by the hack.

As we’ve seen repeatedly with recent high-profile account hacking, part of
the problem also lies in the frequency with which folks re-use passwords
across multiple services. If you re-use usernames and/or passwords across
multiple services and one of them with weaker security gets hacked, then
your credentials for more important services might have been given up in
the process.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160829/3ed9783c/attachment.html>


More information about the BreachExchange mailing list