Abine which is the company behind the Blur password manager has revealed that they have been affected by a data breach that potentially exposed the data of around 2.4 million users.
The breach was discovered last year December 13th, when the company was contacted by a security researcher regarding a server that exposed a file that contains information of the Blur users prior to Jan. 6, 2018. Abine conducted internal audit and after determining the size of the breach, the data leak was made public last Monday.
The file was available free accessible online and the information includes email addresses, first and last name of the users, password hints from their old MaskMe product, last and second to last IP address of the people that logged in to Blur, and encrypted password information.
Abine encrypts passwords using bcrypt with a unique salt for every user, and this was the one that was exposed in the file and not the actual passwords.
Password hints can be used to access the accounts on other platforms, which are being used in conjunction with the email addresses revealed. All the Blur users are highly recommended to change their passwords and in case same passwords are used in multiple accounts, change that too.
Users must make use of the two-factor authentication for their account as they provide an extra layer of security.
The company however confirmed that the usernames and passwords stored by the users in their Blur account are not exposed. This also includes auto-fill credit card details, Masked Emails, Masked Phone numbers, and Masked Credit Card numbers.
Password managers are always a best choice when it comes to maintain multiple secure passwords as today most of the people have multiple online accounts.