2.4 Million Blur Password Manager Users Data Exposed Online

More than 2.4 million Blur password manager users data has been exposed online, the Blur password management service owned by Abine.

According to Blur, the hackers intruded on December 13th, 2018 and they are working with law enforcement officials to determine how the intrusion occurred.

The file containing the user’s information that is prior to January 6th, 2018 and following are the information exposed online.

  • Each user’s email addresses
  • Some users’ first and last names
  • Some users’ password hints but only from our old MaskMe product
  • Each user’s last and second-to-last IP addresses used to login to Blur
  • Each user’s encrypted Blur password. These encrypted passwords are encrypted and hashed before they are transmitted to our servers, and they are then encrypted using bcrypt with a unique salt for every user. The output of this encryption process for these users was potentially exposed, not actual user passwords.
  • The data exposed form a misconfigured Amazon S3 storage bucket and approximately 2.4 million users data exposed.

The company confirms that none of the user’s critical data was exposed and there is no evident of “usernames and passwords stored by our users in Blur, auto-fill credit card details, Masked Emails, Masked Phone numbers, and Masked Credit Card numbers were exposed.”

Abine requested users to change the login credentials and recommends to setup a multi-factor authentication.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Recent Breaches

120 Million Unique Taxpayer ID Numbers Exposed Online From Misconfigured Servers

66 Million Users Personal Data Exposed From Unprotected MongoDB Database

Quora Hacked – 100 Million User’s Data Stolen By Hackers

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Russian Hacker Indicted Over $24 Million Qakbot Ransomware Operation

The U.S. Department of Justice has unsealed a federal indictment against Rustam Rafailevich Gallyamov, 48,…

18 minutes ago

Fortinet Zero-Day Under Attack: PoC Now Publicly Available

FortiGuard Labs released an urgent advisory detailing a critical vulnerability, CVE-2025-32756, affecting several Fortinet products,…

44 minutes ago

Global Crackdown Nets 270 Dark Web Vendors in Major Arrests

A sweeping international crackdown, codenamed Operation RapTor, has dealt a significant blow to the criminal…

2 hours ago

CISA Alerts on Threat Actors Targeting Commvault Azure App to Steal Secrets

On May 22, 2025, Commvault, a leading enterprise data backup provider, issued an urgent advisory…

2 hours ago

CefSharp Enumeration Tool Identifies Critical Security Issues in .NET Desktop Applications

Cybersecurity researchers and red teamers, a newly released tool named CefEnum is shedding light on…

14 hours ago

Russian Hackers Exploit Oracle Cloud Infrastructure to Target Scaleway Object Storage

Russian threat actors have been leveraging trusted cloud infrastructure platforms like Oracle Cloud Infrastructure (OCI)…

14 hours ago