Password Manager Users Exposed After Privacy Snafu
January 03, 2019 / Phil Muncaster
Data on over two million users of a password manager tool has been publicly exposed in another cloud storage misconfiguration incident. Abine said on Monday that 2.4 million users of its Blur product from prior to January 6 2018 were affected. As well as password management, it offers the ability to mask phone numbers, credit card details and other information online to help protect user privacy and security. The file in question, exposed in an Amazon S3 storage snafu, contained: email addresses, some first and last names, password hints for its MaskMe product, last and penultimate IP address used to log-in to Blur and Blur passwords encrypted using bcrypt with a unique salt for each. The incident was discovered on December 13 but there’s no info on how long the data was exposed for.