Blur password manager compromises millions in data breach

Science

04 Jan 2019

Popular password manager suffers data breach, leaks information of millions

In a massive data breach, popular password manager Blur has compromised data of millions of users.

The platform, owned and managed by Abine, left user data exposed on one of its servers, leaking names, emails, and hashed passwords.

However, the company claims that usernames, passwords, and credit card details stored inside Blur accounts were not leaked.

Here's more on the matter.

Issue

Critical file left openly accessible on server

Critical file left openly accessible on server

On December 13, a security researcher alerted Blur about a file openly available on one of its servers.

The company took the report into notice and conducted an internal audit, only to find that the file had made information of nearly 2.4 million Blur users freely accessible.

It compromised details of users who had signed up for the password manager before January 2018.

Information leaked

Information leaked out by Blur

Just recently, Blur apologized about the issue and confirmed that emails and hashed passwords of nearly 2.4 million accounts involved in the breach were exposed.

The last and second-to-last IP address used by these users to login into their Blur account may also have been leaked.

Notably, some users' password hints and first and last names were also leaked in the breach.

Love Tech news?

Stay updated with the latest happenings.

Yes, notify me

Stored passwords

However, passwords stored inside accounts were not leaked

However, passwords stored inside accounts were not leaked

Blur compromised emails and hashed passwords but only for the main service.

The company notes it didn't have access to 'critical unencrypted data' of the users and there's no evidence of its exposure.

"There is no evidence that the usernames and passwords stored by our users in Blur, auto-fill credit card details, Masked Emails, Masked Phone numbers, and Masked Credit Card numbers were exposed".

Also, its DeleteMe service remains unaffected

Along with information stored within Blur accounts, the company also claims that its DeleteMe online privacy protection service wasn't affected from the breach and remains secure.

Recommendation

Still, you should change your passwords

In the wake of this incident, Abine has requested Blur users to change the passwords of their accounts and enable two-factor authentication.

The company has also urged its users to change passwords for all other services that had the same email and password combination used for Blur.

"This incident is embarrassing and frustrating," the company said while apologizing for the breach.

Share this timeline

Security

Technology

Blur

DeleteMe

IP

Masked Credit Card

Masked Emails

Masked Phone

Share this timeline

Ask NewsBytes
User Image

Most asked questions

How to change Blur password?

Are all passwords stored in Blur account safe?

How do I delete an existing account in Blur?

How to remove accounts saved in Blur?

More questions

How to change Blur password?

Asked 2019-01-04 17:56:33 by Paridhi Sengupta

Answered by NewsBytes

To change the password of your Blur account, head over to Blur settings and click on the edit button given next to the 'password' option.

Are all passwords stored in Blur account safe?

Asked 2019-01-04 17:56:33 by Dhruv Sen

Answered by NewsBytes

Yes, the company claims there is no evidence of exposure of information stored inside Blur accounts, including usernames, passwords, and payment information.

How do I delete an existing account in Blur?

Asked 2019-01-04 17:56:33 by Pari Rao

Answered by NewsBytes

To delete your Blur account, head over to settings and hit the 'delete' button at the lower right corner of the page.

How to remove accounts saved in Blur?

Asked 2019-01-04 17:56:33 by Hemant Saxena

Answered by NewsBytes

To remove accounts saved in Blur, head over to your privacy dashboard and click on 'Accounts'. From there, find the website that you'd like to delete and click the trashcan icon.

Next Timeline