Browser Sync Tool Hacking Raises Security Fears

John Lister's picture

Users of the Opera browser's sync tools have been warned to change their passwords for every website. The organization behind Opera says the warning is with "an abundance of caution."

The warning only covers people who use Opera's system for synchronizing bookmarks, passwords and other information so that they can access the feature on any computer. This covers around 1.7 million people among the 350 million who use the browser.

Writing on a company blog, Opera's Tarquin Wilton-Jones said an attack on the system had been detected and, although quickly blocked, was successful in gaining access to the sync system. Wilton-Jones said "some data, including some of our sync users' passwords and account information, such as login names, may have been compromised." (Source: opera.com)

Passwords Were Encrypted

The good news is that the passwords for other websites were stored in encrypted form, while the passwords for accessing the sync service itself were not only encrypted but had additional layer of protection known as salting and hashing. This means that it could take some considerable time for the attackers to be able to turn the stolen data into something they can actually use.

In the meantime, Opera has reset all account passwords for the sync service. That means users will receive an email to reset their passwords, which will then take them to a page online to create a new password for their account.

Password Manager Unaffected

The company also says users should change any passwords for other sites that they had stored in the service, as a matter of caution. Users who reset their Opera account password will be able to visit the sync page and see a list of all the data they have stored, including a list of the sites for which they'd stored a password. (Source: pcworld.com)

The incident doesn't affect another Opera service named Password Manager. This only stores the saved passwords on the user's own computer and thus isn't accessible on other machines.

There's no word yet from Opera on how the attackers were able to access the system and get the stored data.

What's Your Opinion?

Do you use Opera's sync service or a similar service for another browser? Does this incident make you less likely to trust such services? Or does it sound like Opera has acted reasonably and such attacks are unavoidable?

Rate this article: 
Average: 3 (4 votes)

Comments

Dennis Faas's picture

As long as there is a way into a system, attacks are inevitable. Our web server is under attack 24/7 - mostly from automated programs, but that still counts, especially if the necessary protection has not been installed. I have a reactive firewall program constantly scanning log files for 'bad' activity, and if it reaches a certain threshold, the IP is blocked. Without that sort of protection, the server would be inundated with bogus requests and unable to communicate with legitimate traffic.