Users of Blur, a browser add-on designed to protect online information created by Abine, might have had personal information “potentially exposed.”
On December 13, Abine discovered that a file containing information about Blur users prior to January 6, 2018 was exposed.
The information includes every users’ email address, the last and penultimate IP address used to login to Blur, and encrypted password information.
The first name, surname, and password hint of some users was also there to be taken, a leftover from Abine’s older MaskMe product.
Abine encrypts passwords using bcrypt with a unique salt for every user, and it’s this that was exposed in the file rather than the actual password itself.
Password hints could, theoretically, be used to help gain access to accounts on other platforms, especially in conjunction with the email addresses revealed.
It’s advised that Blur users change their passwords and, if they use the same password across multiple services, to change those too.
It’s also recommended that users set up two-factor authenticiation for their account for an extra layer of security.
In a statement, Abine said, “there is no evidence that our users’ most critical data has been exposed, and we believe it is secure.
” There is no evidence that the usernames and passwords stored by our users in Blur, auto-fill credit card details, Masked Emails, Masked Phone numbers, and Masked Credit Card numbers were exposed.”
“There is no evidence that user payment information was exposed, ” he added.