Opera warns sync users to change passwords for every website after hack

Desync

Opera vpn enabled

Opera's browser, with its integrated VPN function enabled.

Credit: Opera

Opera warned Friday that users who stored passwords and other data via its cloud services may have had that data compromised during a server breach.

Opera said that it detected unauthorized access to the Opera sync system last week via an attack. Though the attack was “quickly blocked,” Opera said that it believed that “some of our sync users’ passwords and account information, such as login names, may have been compromised.”

As a precaution, Opera reset all of the account passwords for the sync system, and have asked users to reset their passwords for third-party sites as well. The company said that it sent emails to all Opera sync users to report the incident. “We take your data security very seriously, and want to sincerely apologize for the inconvenience this might have caused,” the company said.

According to Net Applications, Opera falls within the “Other” category of browsers, with less than 2 percent market share. Sync users were a tiny fraction of that: The total active number of users of Opera Sync in the last month is 1.7 million, less than 0.5% of the total Opera user base of 350 million people, Opera said.

opera synced passwords Opera

Opera’s in-browser sync settings.

Storing data via the cloud is increasingly becoming more common. Windows 10’s own Edge browser now syncs bookmarks and passwords, and Google Chrome does as well. Provided that you have an account with Opera, the Opera sync function allows you to store quite a bit of data: favorite sites, open tabs, typed browsing history, and passwords. Opera hashed and salted its authentication “master” passwords, but merely encrypted the synced passwords, the company said.

If you’re an Opera user, and you’re worried about what might have been stored on Opera’s servers, you’ll need to first reset your password, then log in. Next, you’ll want to visit Opera’s sync page. There, Opera will show you what—if any—data was stored there. 

Why this matters: This summer, Opera accepted an acquisition offer from a consortium of Chinese companies, including Beijing Kunlun Tech and Qihoo 360 Software. That’s going to make some parties nervous already, even before the breach. Opera’s an excellent browser, especially after the company has added features like an integrated VPN and native ad blocking. But the breach isn’t going to do much to raise its niche status.

This story, "Opera warns sync users to change passwords for every website after hack" was originally published by PCWorld.

Shop Tech Products at Amazon