Opera Browser Users Urged to Reset Passwords After Sync Server is Hacked

MacRumors

macrumors bot
Original poster
Apr 12, 2001
50,010
11,280



Opera has warned users of the browser that an unknown hacker has managed to gain access to its sync system, potentially compromising the data of around 1.7 million users.

The Norwegian company said in a blog post that "some of our sync users' passwords and account information, such as login names, may have been compromised" following the hack, and encouraged users to reset passwords for third-party sites.

Although we only store encrypted (for synchronized passwords) or hashed and salted (for authentication) passwords in this system, we have reset all the Opera sync account passwords as a precaution.

We have also sent emails to all Opera sync users to inform them about the incident and ask them to change the password for their Opera sync accounts. In an abundance of caution, we have encouraged users to also reset any passwords to third party sites they may have synchronized with the service.
Opera's web sync feature lets uses synchronize their browser data and settings across multiple devices. Opera notes that the total active number of users of the feature in the last month is less than 0.5 percent of the web browser's user base of 350 million people, and that the password reset is a precaution.

Security scares have been a recurring theme for online services recently. Last week, Dropbox told its users that the firm was resetting passwords for anyone who had not changed theirs since mid-2012. The preventative measure was enacted after the company learned about an old set of user credentials that was stolen in a hacking incident nearly four years ago.

Article Link: Opera Browser Users Urged to Reset Passwords After Sync Server is Hacked
 

Kajje

macrumors 6502a
Dec 6, 2012
721
956
Asia
Like any other niche browser Opera does have some nifty features. What makes this a special one is that it was one of the first available browsers around, in a time where one still was counting internet users by the million, not by the billion, in a time where there was no Mozilla, no Safari, no Google, in a time where color screens were still on the option list.

The VPN option was a good effort from Opera in a quest for gaining market share. But...
But this might be the final nail in the Opera coffin.

Ha det fint, farvel, Opera, farvel.

Funny fact: The first line on the homepage still reads
Fast, secure, easy-to-use browser
They clearly have reset the password of their FTP server in the process, and cannot access it anymore.
 

Northgrove

macrumors 65816
Aug 3, 2010
1,129
400
I have been a long time Opera user back since the "classic" days before it switched to the Chromium platform. I was so surprised to see I only had 4 (??) synced passwords, so I just did a round of switching a few passwords and thankfully was done. I don't really get how that happened, but I suspect they did a sync platform change at some point and I had only used Opera very little since Opera 15+. Thankful because I've heard of people having synced 200-300 sites on that service.

I nowadays use 1Password for password management since I still believe in password managers and each site password randomized and unique, never re-used, never weak, at the price of risking the service being compromised... So far 1Password hasn't had any serious breach (they are required to report security breaches at least per EU law), knock on wood... I don't really want to think of what would happen if they were though... I think this is a tough and annoying problem to deal with safely.
 

Alenore

macrumors 6502
Apr 7, 2013
423
426
Just Stop Using Opera. Which world are these people living in, a reasonable alternate browser is firefox or chrome without doubt. Opera just sucks.
Opera is, in fact, quite good. I'm still bummed they removed the mail client from the app, though.


Although, this is exactly why I hate password managers things. One single point of failure.
 

Kajje

macrumors 6502a
Dec 6, 2012
721
956
Asia
Their website hasn't been updated with this news but their blog probably has.
UPDATE: nope.
 

Northgrove

macrumors 65816
Aug 3, 2010
1,129
400
Just Stop Using Opera. Which world are these people living in, a reasonable alternate browser is firefox or chrome without doubt. Opera just sucks.
Yes, one of the reasons I have no plan to go back is that they have now been purchased by a Chinese consortium and it's not built out of entirely kosher companies, some having been involved in some controversies regarding marketing. Opera has now also started adding sponsored links to its Speed Dial view that can be removed but supposedly only temporarily.

Even only one of these two issues would have been a deal breaker for me.

Opera Sync and being Chinese owned? How do I know where my sensitive data really ends up? I really don't want it to somehow, one day end up in a country where the government is known to have deep ties into their cybersecurity business. Maybe it's stupid prejudices speaking here but they'd have to tear down the "Chinese Internet Firewall" at the very least before I'd start trusting them, and we all know that won't happen anytime soon.

So, now I mostly use Vivaldi. It's what the Opera Reboot should have been anyway.
 

Rigby

macrumors 603
Aug 5, 2008
5,307
6,386
San Jose, CA
Would be nice to know some more details, particularly why they are so concerned about synced user passwords. Seems to indicate that they aren't confident in their own encryption scheme, in which case they shouldn't have offered password syncing in the first place.

Personally, I will never use any cloud-based password solution. It's a disaster waiting to happen. Easy enough to sync Keepass files between devices locally.
 

OldSchoolMacGuy

Suspended
Jul 10, 2008
4,197
9,049
Would be nice to know some more details, particularly why they are so concerned about synced user passwords. Seems to indicate that they aren't confident in their own encryption scheme, in which case they shouldn't have offered password syncing in the first place.

Personally, I will never use any cloud-based password solution. It's a disaster waiting to happen. Easy enough to sync Keepass files between devices locally.
Doesn't matter the encryption scheme you use. With enough time or the right additional information gathered from the hack, they could manage to get at the passwords. Doesn't matter Google, Microsoft, or Apple, all would have advised you change your passwords had the same happened even if only encrypted files had been obtained.
 

joueboy

macrumors 68000
Jul 3, 2008
1,576
1,545
They just sold the browser to a chinese consortium and I stop using since I learned about it. I stopped jailbreaking my phone when chinese started taking over. And I don't trust Lenovo computers either. Call me paranoid but it is what it is.
 

Rigby

macrumors 603
Aug 5, 2008
5,307
6,386
San Jose, CA
Doesn't matter the encryption scheme you use. With enough time or the right additional information gathered from the hack, they could manage to get at the passwords.
Actually no, there are ways to encypt information securely such that nobody but the user can decrypt it. The problem is that many companies simply don't have the competence and/or don't really care. In Opera's case, an additional user-provided passphrase to protect the information was only optional, which is a big red flag when sensitive information such as passwords is affected.
 
  • Like
Reactions: SteveW928

SandboxGeneral

Moderator emeritus
Sep 8, 2010
26,482
9,987
Detroit
I haven't used Opera since the early days of Windows XP. But at least they came forward and reset passwords for their users and acknowledged the incident.
 

Mrjoedot

macrumors regular
Dec 29, 2012
208
104
Asean market
At least Opera is better browser in general, maybe better than Chrome
[doublepost=1472487642][/doublepost]
They just sold the browser to a chinese consortium and I stop using since I learned about it. I stopped jailbreaking my phone when chinese started taking over. And I don't trust Lenovo computers either. Call me paranoid but it is what it is.
Bro, you are not the only one. I don't trust Chinese either
 
  • Like
Reactions: Ulenspiegel

grahamperrin

macrumors 601
Jun 8, 2007
4,942
643
… it was one of the first available browsers … no Mozilla, no Safari, no Google, …
Thanks, that surprised me – https://web.archive.org/web/20010519104223/http://www.operasoftware.com/mac/ – I imagined that Mozilla had been around longer (probably because I associate Mozilla with Netscape).

I never found a compelling reason to use Opera. For a while I think it distinguished itself by supporting protocols such as IMAP and SMTP but I vaguely recall that the e-mail client side of the application was not suitably performant or stable.
 

OldSchoolMacGuy

Suspended
Jul 10, 2008
4,197
9,049
Actually no, there are ways to encypt information securely such that nobody but the user can decrypt it. The problem is that many companies simply don't have the competence and/or don't really care. In Opera's case, an additional user-provided passphrase to protect the information was only optional, which is a big red flag when sensitive information such as passwords is affected.
As someone that has worked in computer forensics for over 10 years and in computer security far longer than that, I can tell you that statement is completely false.

Encryption can make data far more secure but it's never going to be 100% safe.
 

sracer

macrumors G3
Apr 9, 2010
8,743
9,588
Prescott Valley, AZ
Just Stop Using Opera. Which world are these people living in, a reasonable alternate browser is firefox or chrome without doubt. Opera just sucks.
Opera just sucks? That's helpful. :rolleyes:

I switched from Chrome to Opera because it is more responsive than Chrome, it offers the same extensions that I relied on with Chrome, bookmark/history syncing across devices, and doesn't drain the battery like Chrome does on my OSX devices.

In my experiences Opera is superior to Chrome. (that's Opera and Chrome of today... historically that had not always been the case)

As for the breech, no company is immune.
 

Rigby

macrumors 603
Aug 5, 2008
5,307
6,386
San Jose, CA
As someone that has worked in computer forensics for over 10 years and in computer security far longer than that, I can tell you that statement is completely false.

Encryption can make data far more secure but it's never going to be 100% safe.
Proper implementations of thoroughly studied encryption algorithms are secure enough that governments and corporations entrust them with their most sensitive data. If all encryption was as easy to break as you claim we'd all be screwed anyway. If you really worked in computer security, you should know that good encryption is usually not broken, but at best circumvented by exploiting implementation or user errors.
 
  • Like
Reactions: SteveW928 and Kajje

catportal

macrumors regular
Aug 11, 2016
126
329
Lol, shows how uneducated macrumors users are. Opera did the right thing. They had encrypted/hashed/salted data, there was a breach of such data (which is likely useless to the hackers because they can't decrypt it) and they informed users about so they can protect themselves. If anything, you should be supporting Opera, other companies (such as linkedin) would just sweep it under the rug until something bad actually happened with the data. Opera preemptively gave warning. Not to mention, other browsers (including Opera) probably have multiple 0day exploits that only governments know about and actively use :)
 

OldSchoolMacGuy

Suspended
Jul 10, 2008
4,197
9,049
Proper implementations of thoroughly studied encryption algorithms are secure enough that governments and corporations entrust them with their most sensitive data. If all encryption was as easy to break as you claim we'd all be screwed anyway. If you really worked in computer security, you should know that good encryption is usually not broken, but at best circumvented by exploiting implementation or user errors.
And yet you don't see any of them putting their encrypted data out there for everyone to have a whack at.

You're also assuming a perfect world where everyone uses 40+ character passwords with special characters and all the other fun. The real world doesn't work like that. That's why rainbow tables are so successful at cracking even strong encryption, as people rarely secure things with a really strong key.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.