2.4 Million Blur Password Manager Users Data Exposed

More than 2.4 million Blur password manager users data has been exposed online, the Blur password management service owned by Abine.

According to Blur, the hackers intruded on December 13th, 2018 and they are working with law enforcement officials to determine how the intrusion occurred.

The file containing the user’s information that is prior to January 6th, 2018 and following are the information exposed online.

Each user’s email addresses
Some users’ first and last names
Some users’ password hints but only from our old MaskMe product
Each user’s last and second-to-last IP addresses used to login to Blur
Each user’s encrypted Blur password. These encrypted passwords are encrypted and hashed before they are transmitted to our servers, and they are then encrypted using bcrypt with a unique salt for every user. The output of this encryption process for these users was potentially exposed, not actual user passwords.
The data exposed form a misconfigured Amazon S3 storage bucket and approximately 2.4 million users data exposed.

The company confirms that none of the user’s critical data was exposed and there is no evident of “usernames and passwords stored by our users in Blur, auto-fill credit card details, Masked Emails, Masked Phone numbers, and Masked Credit Card numbers were exposed.”

Abine requested users to change the login credentials and recommends to setup a multi-factor authentication.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.