- Popular password manager application Blur has disclosed a data breach exposing data of 2.4 million users.
- The data breach was as a result of a misconfigured AWS S3 bucket
- The exposed data includes users full name, hashed passwords, IP address and email address.
- The company confirmed that users critical data were not exposed in the breach
Blur a popular password manager application disclosed a data breach which potentially may have exposed data of around 2.4 million users.
Blur is an application developed by online privacy company Abine which provides password management, masked email, and private browsing.
On Monday the company published in a blog post that some information of Blur users was potentially exposed as a result of a misconfigured AWS S3 bucket.
“On Thursday, December 13th 2018, we became aware that some information about Blur users had been potentially exposed and immediately began working to ensure our systems and data were secure, to determine what happened, and to inform and help our users.” said in the post published by Abine.
The exposed information includes user first and last name, email address, IP addresses, hashed passwords and passwords hints.
Abine said that users critical data was not exposed in the data breach and there is no evidence usernames and passwords stored by users in Blur, auto-fill credit card details, Masked Emails, Masked Phone numbers, and Masked Credit Card numbers were compromised in the breach.
The company also confirmed user payment card details were not exposed in the breach.
The exposed data contains information of users of who had registered an account prior to January 6, 2018. According to SecurityWeek, around 2.4 million users were impacted by the data breach
The company has advised users to change their Blur password and if you have used the same password in other accounts also it is advised to change that also.
All users are advised to always use long and unique passwords for your accounts and enable multi-factor authentication.
“As a privacy and security focused company this incident is embarrassing and frustrating. These incidents should not happen and we let our users down. We apologize and are working very hard to ensure we respond quickly and effectively to this incident and make sure we do everything we can to not let anything like it happen again.”
You may be interested in reading:New Variants of Shamoon Disk-Wiping Malware Uploaded to VirusTotal