Opera has confirmed that an unknown hacker managed to gain access to its Opera sync system, potentially compromising the data of about 1.7 million active users. In response to the breach of Opera's web sync feature, which allows users to synchronise their browser data and settings across multiple platforms, the company has issued a forced password reset for all Sync users.
"Earlier this week, we detected signs of an attack where access was gained to the Opera sync system," Opera's Tarquin Wilton-Jones wrote in a blog post. "This attack was quickly blocked. Our investigations are ongoing, but we believe some data, including some of our sync users' passwords and account information, such as login names, may have been compromised."
The company notes that although they only store encrypted for synchronised passwords or hashed and salted passwords for authentication in its system, all Opera sync account passwords have been reset as a precaution.
The Norwegian company noted that 1.7 million people, less than 0.5% of its total Opera user base of 350 million people, use its Opera sync service as of last month.
Opera browser users who do not use Opera sync are unaffected by the infiltration and do not need to reset their passwords, the company said.
"We have also sent emails to all Opera sync users to inform them about the incident and ask them to change the password for their Opera sync accounts," the blog post reads. "In an abundance of caution, we have also encouraged users to reset any passwords to third party sites they may have synchronised with the service."
Opera's announcement comes just a day after cloud storage service Dropbox issued its own password reset for user accounts that were created prior to mid-2012. It applies to those users who haven't changed their passwords since. While Dropbox's precautionary measure came in response to the much-publicised LinkedIn hack in 2012 that saw the credentials of 117 million LinkedIn members put up for sale on the Dark Web, Opera's announcement does not seem to be related to the mega breach.
News of the security breach also comes a month after Opera announced plans to sell its browser business, performance and privacy apps, tech licensing and other assets to a Chinese consortium, led by search and security firm Qihoo 360, for $600m.