Barely a week passes without another well-known web company suffering a data breach or hack of some kind.
This week it is Opera’s turn.
Opera Software, the company behind the web browser and recently sold to a Chinese consortium for $600 million, reported a ‘server breach incident’ on its blog this weekend.
“Earlier this week, we detected signs of an attack where access was gained to the Opera sync system,” the company’s Tarquin Wilton-Jones explains in the blog post.
“This attack was quickly blocked. Our investigations are ongoing, but we believe some data, including some of our sync users’ passwords and account information, such as login names, may have been compromised.”
“we believe […] users’ passwords [and login names] may have been compromised”
Keep Calm & Change Your Passwords
The upside to this is that you probably aren’t affected. Not because you haven’t used Opera — it is far from the most popular browser, but most people have used it at one point or another — but because this only affects those who used Opera Sync.
If all you use(d) Opera for is to view naughty websites or check out the odd new feature, you’re probably not at risk.
Opera say of its estimated 350 million users only 1.7 million use its sync feature.
The “sort-of-bad news” is that if Opera do believe they managed to grab ‘some data, including some of our sync users’ passwords and account information, such as login names’.
The “good news” is that Opera encrypted stored passwords and hashed and salted them. Furthermore, they say they’ve seen nothing to suggest that the attackers obtained this data.
‘Opera browser users who do not use Opera sync don’t need to do anything’
Opera is being prudent nonetheless.
It says it has reset the passwords of all Opera Sync users and sent them an e-mail to inform ‘them about of this incident and ask them to change the password’.
If you think you might have used Opera Sync in the past with an e-mail you no longer use it may be wise to reset any passwords for third-party sites you might have synchronized with the service, just as a precaution.
Opera browser users who do not use Opera sync do not need to do, worry about or change anything.
Here’s hoping that one side effect of this attack will be that Opera finally listens to its community and makes 2-factor authentication an option for Opera Sync.
Are you an Opera browser user who uses Opera Sync? Have you used the feature in the past? Does this attack make you weary of entrusting your account passwords to a cloud service? Let us know your take on this in the comments below.