Friday, September 13, 2024
HomeComputer Security2.4 Million Blur Password Manager Users Data Exposed Online

2.4 Million Blur Password Manager Users Data Exposed Online

Published on

More than 2.4 million Blur password manager users data has been exposed online, the Blur password management service owned by Abine.

According to Blur, the hackers intruded on December 13th, 2018 and they are working with law enforcement officials to determine how the intrusion occurred.

The file containing the user’s information that is prior to January 6th, 2018 and following are the information exposed online.

- Advertisement - EHA
  • Each user’s email addresses
  • Some users’ first and last names
  • Some users’ password hints but only from our old MaskMe product
  • Each user’s last and second-to-last IP addresses used to login to Blur
  • Each user’s encrypted Blur password. These encrypted passwords are encrypted and hashed before they are transmitted to our servers, and they are then encrypted using bcrypt with a unique salt for every user. The output of this encryption process for these users was potentially exposed, not actual user passwords.
  • The data exposed form a misconfigured Amazon S3 storage bucket and approximately 2.4 million users data exposed.

The company confirms that none of the user’s critical data was exposed and there is no evident of “usernames and passwords stored by our users in Blur, auto-fill credit card details, Masked Emails, Masked Phone numbers, and Masked Credit Card numbers were exposed.”

Abine requested users to change the login credentials and recommends to setup a multi-factor authentication.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Recent Breaches

120 Million Unique Taxpayer ID Numbers Exposed Online From Misconfigured Servers

66 Million Users Personal Data Exposed From Unprotected MongoDB Database

Quora Hacked – 100 Million User’s Data Stolen By Hackers

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Citrix Workspace App Vulnerable to Privilege Escalation Attacks

Citrix released a security bulletin (CTX691485) detailing two critical vulnerabilities in the Citrix Workspace...

Beware Of Weaponized Excel Document That Delivers Fileless Remcos RAT

A recent advanced malware campaign leverages a phishing attack to deliver a seemingly benign...

Hackers Exploiting Apache OFBiz RCE Vulnerability in the Wild

A critical vulnerability in the Apache OFBiz framework has been actively exploited by hackers....

Docker Desktop Vulnerabilities Let Attackers Execute Remote Code

Docker has addressed critical vulnerabilities in Docker Desktop that could allow attackers to execute...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Fortinet Confirms Data Breach Following Hacker’s Claim of 440GB Data Theft

Fortinet, a leading cybersecurity firm, has confirmed a data breach involving a third-party cloud...

New Android Spyware As TV Streaming App Steals Sensitive Data From Devices

Recent research has revealed a new Android malware targeting mnemonic keys, a crucial component...

Researchers Details Attacks On Air-Gaps Computers To Steal Data

The air-gap data protection method isolates local networks from the internet to mitigate cyber...