Endwall 08/29/2016 (Mon) 23:39:29 No. 457 del
ZDnet
Opera resets passwords after sync server hacked
http://www.zdnet.com/article/opera-resets-passwords-after-server-hack/
By Zack Whittaker for Zero Day | August 28, 2016 -- 18:10 GMT (19:10 BST)
But the company won't say how the passwords are stored, which may indicate if they can be unscrambled by an attacker.
Opera has confirmed that a hacker breached one of the company's sync servers, potentially exposing passwords. The Norway-based internet browser maker said in a blog post that it "quickly blocked" an attack on its systems earlier this week, but it admitted that some data was compromised, including "some of our sync users' passwords and account information", such as login names. But the company said it doesn't know the full scope of what was compromised. Opera said that it has reset all the Opera sync account passwords as a precaution. At the time of the attack, more than 1.7 million active users last month used the feature, which allows users to share website passwords across devices. The company confirmed that passwords are hashed and salted -- an industry-standard practice to scramble passwords so that they are unusable -- but didn't provide specifics on how, leaving no clear indication if the passwords can be unscrambled by an attacker. Opera staffer Tarquin Wilton-Jones, who wrote the blog post, said the company will "not divulge exactly how authentication passwords on our systems are prepared for storage", as this would "only help a potential attacker". We sent Opera some questions but did not hear back at the time of writing. If that changes, we'll update the piece.