The online privacy and password management firm Abine reported a data breach that exposed users names, emails and portions of their login credentials of those using its Blur product.
Blur, which is owned by Abine Inc., became aware on Dec. 13, 2018, that information from users who had registered their accounts with the company before Jan. 6, 2018 had been compromised through an open file, the company said in a press release. Abine did not say how many people were affected.
The information includes:
• Each user’s email addresses
• Some users’ first and last names
• Some users’ password hints but only from our old MaskMe product
• Each user’s last and second-to-last IP addresses used to login to Blur
• Each user’s encrypted Blur password. These encrypted passwords are encrypted and hashed before they are transmitted to our servers, and they are then encrypted using bcrypt with a unique salt for every user. The output of this encryption process for these users was potentially exposed, not actual user passwords.
Abine describes itself as an online privacy company whose products help consumers control the level of exposure of their personal information.
“As a privacy and security-focused company this incident is embarrassing and frustrating. These incidents should not happen and we let our users down. We apologize and are working very hard to ensure we respond quickly and effectively to this incident and make sure we do everything we can to not let anything like it happen again,” the company said.
Abine recommends all users change their passwords, but it noted there is no evidence that our users’ most critical data has been exposed, and we believe it is secure.