According to Blur, the hackers intruded on December 13th, 2018 and they are working with law enforcement officials to determine how the intrusion occurred.
The file containing the user’s information that is prior to January 6th, 2018 and following are the information exposed online.
- Each user’s email addresses
- Some users’ first and last names
- Some users’ password hints but only from our old MaskMe product
- Each user’s last and second-to-last IP addresses used to login to Blur
- Each user’s encrypted Blur password. These encrypted passwords are encrypted and hashed before they are transmitted to our servers, and they are then encrypted using bcrypt with a unique salt for every user. The output of this encryption process for these users was potentially exposed, not actual user passwords.
Abine reported BleepingComputer that the data exposed form a misconfigured Amazon S3 storage bucket and approximately 2.4 million users data exposed.
The company confirms that none of the user’s critical data was exposed and there is no
Abine requested users to change the login credentials and recommends to setup a multi-factor authentication.