PINDROP BLOG

Opera Warns of Compromise of Password Sync Service

The makers of the Opera browser said attackers have compromised the servers that are used to house the data from users of Opera’s sync system, which synchronizes data between mobile and desktop installations.

The attack was discovered last week, and officials at Opera Software said that they have sent an email to all of the sync users to ask them to reseat their passwords for the service. Sync is a feature that allows users to replicate data such as passwords between mobile devices and desktop computers.

The Opera browser has more than 350 million users worldwide.

“Earlier this week, we detected signs of an attack where access was gained to the Opera sync system. This attack was quickly blocked. Our investigations are ongoing, but we believe some data, including some of our sync users’ passwords and account information, such as login names, may have been compromised,” the Opera advisory says.

“Although we only store encrypted (for synchronized passwords) or hashed and salted (for authentication) passwords in this system, we have reset all the Opera sync account passwords as a precaution.”

Opera said that 1.7 million people have used sync in the last month, and they’re also recommending that people at risk from the breach should reset any passwords that they from third-party sites that they synchronized through Opera sync.

The Opera browser has more than 350 million users worldwide, and the company said that fewer than 0.5 percent of them were affected by the sync compromise.