Opera cyber attack – what happened and should we be worried?

In Information Security ByTeam Acumin / 9th September 2016

Opera Software, which develops browsers for PCs and mobile platforms, suffered a security breach at the end of August. With Opera being the fifth most popular browser, it raises concerns about the data of a huge number of people.

What happened?

The security issues affected Opera’s sync service, which synchronises browsing data across the different devices that have Opera installed. Although Opera is not used by as many people as Firefox, Chrome or Internet Explorer, it has around 350 million users. However, only around 0.5% of users subscribe to the active sync service – around 1.7 million people. Though Opera said that the cyber attach was quickly blocked, the company admitted that some sync users’ account information, including passwords, could have been stolen.

As a result of the security breach, Opera emailed all its users and reset their sync service passwords. It has also urged users to reset passwords for any third-party sites that sync to Opera.

Opera has plans to expand in India, where 50 million people currently user its mobile browser. With the availability of cheap smartphones in India, Opera is expecting the number of users in the large Asian country to significantly expand. For many Indian people, a mobile phone is the only affordable means to access the internet, and Opera is keen to be the main player in the browser market there.

Opera is based in Norway and was recently taken over by a Chinese consortium for $600m. It is too soon to know how the new leadership will grow the business.

Should we be worried?

What is concerning about Opera’s cyber breach is that it is one of many similar breaches that have affected millions of users. Dropbox was recently compromised, and Oracle’s micro payment system used by many stores and hotels was breached.

The Opera, Dropbox and Oracle cyber-attacks were widely reported, whereas attacks on less high-profile companies are not always published by the media. The Information Commissioner’s Office has said that the number of security breaches reported to it has nearly doubled in a year. In 2015, there were 1,098 breaches and this rose to 2,048 in 2016. These are just the reported breaches of UK-based companies, meaning worldwide there will be many more breaches.

Unless you are personally affected by the Opera breach, there is no need to worry about this particular incident. When seen as one of many breaches, then there is cause for concern. Large companies like Opera, Dropbox and Oracle have sizable funds available to employ cyber security personnel, but this has not stopped security attacks. Though not all cyber threats are harmful, they still take valuable time and resources to fix.

The way forward?

Verizon, in its 2016 data breach analysis report, stated that 84% of attacks last a day or less, but in that time, a lot of data can be stolen.

Peter Woollacott, the CEO of Huntsman Security, has said that the problem in detecting attacks quickly was the huge amount of data that needs to be manually analysed and verified. He suggested that machine learning technology needs developing to automatically detect and deal with threats.