2.4 Million Blur Password Manager Users Data Exposed Online

More than 2.4 million Blur password manager users data has been exposed online, the Blur password management service owned by Abine.

According to Blur, the hackers intruded on December 13th, 2018 and they are working with law enforcement officials to determine how the intrusion occurred.

The file containing the user’s information that is prior to January 6th, 2018 and following are the information exposed online.

  • Each user’s email addresses
  • Some users’ first and last names
  • Some users’ password hints but only from our old MaskMe product
  • Each user’s last and second-to-last IP addresses used to login to Blur
  • Each user’s encrypted Blur password. These encrypted passwords are encrypted and hashed before they are transmitted to our servers, and they are then encrypted using bcrypt with a unique salt for every user. The output of this encryption process for these users was potentially exposed, not actual user passwords.
  • The data exposed form a misconfigured Amazon S3 storage bucket and approximately 2.4 million users data exposed.

The company confirms that none of the user’s critical data was exposed and there is no evident of “usernames and passwords stored by our users in Blur, auto-fill credit card details, Masked Emails, Masked Phone numbers, and Masked Credit Card numbers were exposed.”

Abine requested users to change the login credentials and recommends to setup a multi-factor authentication.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Recent Breaches

120 Million Unique Taxpayer ID Numbers Exposed Online From Misconfigured Servers

66 Million Users Personal Data Exposed From Unprotected MongoDB Database

Quora Hacked – 100 Million User’s Data Stolen By Hackers

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Gunra Ransomware’s Double‑Extortion Playbook and Global Impact

Gunra Ransomware, has surfaced as a formidable threat in April 2025, targeting Windows systems across…

9 hours ago

Hackers Exploit 21 Apps to Take Full Control of E-Commerce Servers

Cybersecurity firm Sansec has uncovered a sophisticated supply chain attack that has compromised 21 popular…

9 hours ago

Hackers Target HR Departments With Fake Resumes to Spread More_eggs Malware

The financially motivated threat group Venom Spider, also tracked as TA4557, has shifted its focus…

9 hours ago

RomCom RAT Targets UK Organizations Through Compromised Customer Feedback Portals

The Russian-based threat group RomCom, also known as Storm-0978, Tropical Scorpius, and Void Rabisu, has…

9 hours ago

Hackers Use Pahalgam Attack-Themed Decoys to Target Indian Government Officials

The Seqrite Labs APT team has uncovered a sophisticated cyber campaign by the Pakistan-linked Transparent…

9 hours ago

LUMMAC.V2 Stealer Uses ClickFix Technique to Deceive Users into Executing Malicious Commands

The LUMMAC.V2 infostealer malware, also known as Lumma or Lummastealer, has emerged as a significant…

9 hours ago