Skip to main content

Attack Forces 1.7 Million Opera Users to Reset Passwords

Perennial also-ran web browser Opera may have less than 1 percent of the market, but it appears that even its users are a target for attackers. Last Friday (Aug. 26) the company announced that its Opera Sync service (which lets you synchronize bookmarks and other data among browsers on multiple devices) was hit by hackers who may have stolen user information, including passwords synced with the service.

In a blog post, Opera developer Tarquin Wilton-Jones explained that the company "detected signs of an attack where access was gained to the Opera Sync system." Wilton-Jones noted that "this attack was quickly blocked," but the company believes that some data was pilfered, including user login names and passwords.

MORE: Opera Browser Could Be a Game-Changer for Battery Life

While Opera said it protects passwords used to log into Opera Sync by hashing and salting them (running them through one-way mathematical algorithms that are nearly impossible to reverse), and encrypts third-party passwords that are part of the data synced among a user's browsers, the company reset all the user passwords for Opera Sync "as a precaution."

Wilton-Jones advised (and we agree) that users should also change any third-party passwords that were synced with the service. Users can reset their Sync passwords here.

This is as good a time as any to impart one of our most necessary pieces of password maintenance advice: don't recycle passwords. Let's say you use Opera Sync and an online bank, and use the same password and email address for both. If so, then there's a strong chance that you've set yourself up for much bigger problems than a singular password reset.

Opera admits that the total number of affected users is comparably small, as of the 350 million people who use the browser, only 1.7 million (0.5 percent) use Sync. This kind of attack should give users of all browser-data synchronization software a moment to pause and reconsider, as similar features come baked into Firefox (Sync), Safari (iCloud) and Google (Sync).