Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Opera Privacy Security

Opera Sync Users May Have Been Compromised In Server Breach (fortune.com) 26

An anonymous reader writes: Someone broke into Opera's servers. The Opera browser has a handy feature for synchronizing browsing data across different devices. Unfortunately, some of the passwords and login information used to enable the feature may have been stolen from Opera's servers. Opera's sync service is used by around 1.7 million people each month. Overall, the browser has 350 million users. The Norwegian firm told its users that someone had gained access to the Opera sync system, and "some of our sync users' passwords and account information, such as login names, may have been compromised." As a result, Opera had to reset all the passwords for the feature, meaning users will need to select new ones.
This discussion has been archived. No new comments can be posted.

Opera Sync Users May Have Been Compromised In Server Breach

Comments Filter:
  • by hyperar ( 3992287 ) on Monday August 29, 2016 @09:33AM (#52789343)
    Did they break in by a security hole or did they used compromised credentials to break in? Any info on that matter?
    • by sirber ( 891722 )
      I heard the hackers were chinese ;-)
    • by Anonymous Coward

      Did they break in by a security hole or did they used compromised credentials to break in? Any info on that matter?

      I know that it was possible in the first place because this "sync" ever used remote servers.

      I have no use for sync functions - I rather like keeping things separate. But if I wanted to sync, it would mean syncing a mobile device that I control (i.e. have rooted) with a PC that I also control (running a FOSS OS). Why the hell would I want to involve any third-party servers for such a simple transfer of data? It's just asking for trouble.

      Anyone who wants "the cloud" can keep it. It's a hell of a lot harde

  • by LichtSpektren ( 4201985 ) on Monday August 29, 2016 @09:46AM (#52789401)
    Although I'm no fan of LastPass, at least the only thing you get with the sync is an encrypted blob; it means the attacker both has to compromise your account and then brute force your master password.

    Firefox's sync is less secure than that, but it's encrypted on their servers and requires an email verification to use, so the attacker has to compromise both your Firefox account and then your email account.

    I take it from TFA that Opera's sync database wasn't hashed, which is orders of magnitude worse than LastPass and Firefox. If anyone's still using Opera, this should be an alarm to switch to something else.
  • This is why I don't use password keepers, store my stuff in browsers, use Opera or Evernote to sync, Google drive...

    Sooner or later they will ALL be breached; many already have been.

    • Then use a local password manager that doesn't connect to the Internet.

      I store everything in KeePassX. To breach that, you'd have to be able to both keylog me and arbitrarily access the files on my drives.
    • by mjew ( 887153 )

      This is why I don't use password keepers, store my stuff in browsers, use Opera or Evernote to sync, Google drive...

      Sooner or later they will ALL be breached; many already have been.

      Not that I am for or against password keepers, but isn't the actual password data itself separately encrypted and stored in an individually encrypted state? That is, not even the people who run the password-keeping service can decrypt the blob of data they store, since they don't store the information necessary to decrypt it. (Decrypting the passwords is done locally on your machine after you type in your pass-phrase.) So an attack that compromised a well-designed password-keeping service would only net t

  • I think they both use the Opera Sink backstage...

"...a most excellent barbarian ... Genghis Kahn!" -- _Bill And Ted's Excellent Adventure_

Working...