Opera warns Sync users of possible data breach

Browser developer says that incident could impact 1.7 million users

opera browser primary

On Friday, Opera, the Norwegian company responsible for the popular browser, warned users that the Opera Sync service might have been compromised. In response, the company issued a forced password reset for all Sync users.

Opera sent the emails to Sync user base after they detected "signs of an attack where access was gained to the Opera sync system," the company said.

"This attack was quickly blocked. Our investigations are ongoing, but we believe some data, including some of our sync users’ passwords and account information, such as login names, may have been compromised."

Opera reset all Sync account passwords in response to the incident, and emails to users encouraged them to change any third-party passwords that were synchronized with the service.

When questioned on the specifics about the encryption used for the stored passwords, an Opera spokesperson attempted to deflect (security by obscurity), forgetting that the process has been disclosed previously.

Opera uses Nigori for synchronized passwords and passwords in the system used for authentication are hashed and salted with per-user salts. However, opera won't discuss the process for hashing the authentication passwords.

Opera says that 1.7 million users could be impacted by the Sync incident, but adds that this is only a small fraction of the 350 million people who use the browser on a regular basis.

News of this security incident comes just over a month after Opera said it plans to sell its browser business, performance and privacy apps, technology licensing business (outside of Opera TV), and a 29-percent ownership in nHorizon (a Chinese joint venture), to a consortium of investors led by China's leading anti-Virus firm Qihoo 360.

The purchase price is listed at $600 million.

Copyright © 2016 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)