Want to share with your friends too?

Science
04 Jan 2019

Popular password manager suffers data breach, leaks information of millions

Blur password manager compromises millions in data breach

In a massive data breach, popular password manager Blur has compromised data of millions of users.

The platform, owned and managed by Abine, left user data exposed on one of its servers, leaking names, emails, and hashed passwords.

However, the company claims that usernames, passwords, and credit card details stored inside Blur accounts were not leaked.

Here's more on the matter.

In context

Blur password manager compromises millions in data breach
Critical file left openly accessible on server

Issue

Critical file left openly accessible on server

On December 13, a security researcher alerted Blur about a file openly available on one of its servers.

The company took the report into notice and conducted an internal audit, only to find that the file had made information of nearly 2.4 million Blur users freely accessible.

It compromised details of users who had signed up for the password manager before January 2018.

Information leaked

Information leaked out by Blur

Just recently, Blur apologized about the issue and confirmed that emails and hashed passwords of nearly 2.4 million accounts involved in the breach were exposed.

The last and second-to-last IP address used by these users to login into their Blur account may also have been leaked.

Notably, some users' password hints and first and last names were also leaked in the breach.

Love Tech news?

Stay updated with the latest happenings.

Notify Me

However, passwords stored inside accounts were not leaked

Stored passwords

However, passwords stored inside accounts were not leaked

Blur compromised emails and hashed passwords but only for the main service.

The company notes it didn't have access to 'critical unencrypted data' of the users and there's no evidence of its exposure.

"There is no evidence that the usernames and passwords stored by our users in Blur, auto-fill credit card details, Masked Emails, Masked Phone numbers, and Masked Credit Card numbers were exposed".

Also, its DeleteMe service remains unaffected

Along with information stored within Blur accounts, the company also claims that its DeleteMe online privacy protection service wasn't affected from the breach and remains secure.

Recommendation

Still, you should change your passwords

In the wake of this incident, Abine has requested Blur users to change the passwords of their accounts and enable two-factor authentication.

The company has also urged its users to change passwords for all other services that had the same email and password combination used for Blur.

"This incident is embarrassing and frustrating," the company said while apologizing for the breach.

Ask NewsBytes
User Image

Most asked questions

How to change Blur password?

Are all passwords stored in Blur account safe?

How do I delete an existing account in Blur?

How to remove accounts saved in Blur?

More questions

How to change Blur password?

Asked on 04-01-2019 by Paridhi Sengupta

Answered by NewsBytes

To change the password of your Blur account, head over to Blur settings and click on the edit button given next to the 'password' option.

Are all passwords stored in Blur account safe?

Asked on 04-01-2019 by Dhruv Sen

Answered by NewsBytes

Yes, the company claims there is no evidence of exposure of information stored inside Blur accounts, including usernames, passwords, and payment information.

How do I delete an existing account in Blur?

Asked on 04-01-2019 by Pari Rao

Answered by NewsBytes

To delete your Blur account, head over to settings and hit the 'delete' button at the lower right corner of the page.

How to remove accounts saved in Blur?

Asked on 04-01-2019 by Hemant Saxena

Answered by NewsBytes

To remove accounts saved in Blur, head over to your privacy dashboard and click on 'Accounts'. From there, find the website that you'd like to delete and click the trashcan icon.

Next Timeline