Hackers spend a night at Opera's servers

News by Rene Millman

Browser company confirms sync servers breached, exposing passwords of millions of users

Users of the Opera browser have been warned to change their passwords after it was discovered that its servers had been breached.

Hackers are said to have gained access to Opera's Sync system. This stores the user passwords to millions of websites.

In a blog post, Opera said that the attack was “quickly blocked”.

It added that its investigations were ongoing but believed some data, “including some of our sync users' passwords and account information, such as login names, may have been compromised.”

The attack occurred last week, but Opera only admitted the breach on Friday.

“Although we only store encrypted (for synchronized passwords) or hashed and salted (for authentication) passwords in this system, we have reset all the Opera sync account passwords as a precaution,” it said.

The firm said that it emailed all Opera sync users to report the incident. “We take your data security very seriously, and want to sincerely apologize for the inconvenience this might have caused,” the company said.

Corey Williams, senior director of products and marketing at Centrify told SCMagazineUK.com that the potential payoff of 1.7 million passwords could be huge. 

“Attackers will work hard to crack any server's encryption and try these passwords across countless thousands of other sites, services, and apps.  Until we have something better than passwords protecting our accounts – something like Multi-factor Authentication - we will continue to see these breaches result in success for attackers, and losses for all of us,” he said. “Knowing that two-thirds of consumers are ‘likely' to stop doing business with a hacked organisation, it may mean turbulent waters for Opera in the months to come.”

Tod Beardsley, senior research manager at Rapid7 told SC that Opera's move to force reset all their users' passwords is an excellent step to get users back to a normal state of security.

“It's a step that many breached organisations don't take, at least in part due to a concern for user convenience; Opera should be applauded for taking this breach seriously and acting quickly,” he added.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews