Earlier this week, we detected signs of an attack where access was gained to the Opera sync system. This attack was quickly blocked. Our investigations are ongoing, but we believe some data, including some of our sync users’ passwords and account information, such as login names, may have been compromised.

Although we only store encrypted (for synchronized passwords) or hashed and salted (for authentication) passwords in this system, we have reset all the Opera sync account passwords as a precaution.

We have also sent emails to all Opera sync users to inform them about the incident and ask them to change the password for their Opera sync accounts. In an abundance of caution, we have encouraged users to also reset any passwords to third party sites they may have synchronized with the service.

To obtain a new password for Opera sync, use the password resetting page.

The total active number of users of Opera sync in the last month is 1.7 million, less than 0.5% of the total Opera user base of 350 million people.

The remaining Opera browser users who do not use Opera sync, do not need to take any actions.

We take your data security very seriously, and want to sincerely apologize for the inconvenience this might have caused.

Back to top
  • Wraith

    I already reset my Opera sync password but I wonder if my sync data (password for others site that was sync with only opera credentials) is compromised in some way ?

    • tarquinwj

      Thanks for asking. If you use Opera for desktop and you sync passwords, our recommendation is that you reset all of those passwords which have been synchronised (basically; all of them). Just to be on the safe side.

      • Hyperlord

        That begs the question why?
        I understand that at least the passwords are encrypted on the client (browser) before being sent to the sync-server so that on the sync-server only the encrypted data is available and not key that could be used to decrypt the data.

        You recommended to reset *all* passwords stored leaves two options here:
        1. a compromise of the opera-sync-passwords themselves which would be fatal if users have not specified a separate password for encrypting the passwords
        2. a weak encryption being used that would make the stored encrypted data vulnerable to brute force or rainbow table attacks.

        So could you please add more detail on what exactly is the reason for resetting all the passwords that have been stored?

  • tarquinwj

    Hi Ketan, thanks for your query.
    You can use this page to see what is stored, including the number of passwords:
    https://sync.opera.com/web/
    You can also look in the settings if you use Opera for desktop, section “Privacy & security”, “Manage saved passwords”.

  • Muad Dib

    You simply cannot be serious. Hundreds of passwords compromised?! wow.

    • VeraLB

      Hi @Cry0:disqus , I understand your frustration. Please know that our security team has implemented measures to avoid further risks and is continually monitoring this incident. For now, we’ve reset the passwords of Opera sync users and we’ve rolled out information to affected persons.

      • Thoms

        For some reason I can’t see what accounts I have synced with opera. The Passwords button is grayed out and unclickable. Help?

        • Leonardo Gomes

          You see it at the passwords manager in Opera settings.

    • BK

      “.. may have been compromised.”. We have no confirmation yet that that this happened, but just in case, we warn user that there is such possibility.

      • Muad Dib

        I know what “may” means. It means my encrypted passwords are in the hands of criminals now since Opera is my main browser and I sync everything to it daily, and they might, or might not decrypt it and get my bank accounts, emails, paypal etc. – depending on how lucky I am.
        I know this just happens and no security is perfect. I understand. Not the first time, not the last. I am just decrying taking each password off this list and resetting them one by one, doing this since I wrote the post, and barely got to 20% of the list :

        • NachoCarni

          As soon as you are done this kind of breaching will happen again, bet on it!

      • Bonnox

        why don’t you know which data was robbed?

        • Leonardo Gomes

          If someone gets into your house and steal objects from there, s/he will not leave a note saying what was taken. You will need to check and find out.
          Now imagine doing it when you have hundreds of thousands of objects.

          • Bonnox

            oh, I see. I thought there were some sort of countermeasures or logging,.. thanks for clearing

          • Leonardo Gomes

            There were, otherwise they would not be able to detect and block the attack.

  • Lord Epical

    Just to make this clear for me:

    1. As I had the setting to not sync saved passwords, does this mean that my saved usernames had not been stored on Opera servers?

    2. Would having the “encrypt synchronized passwords with your own sync passphrase” not protect any information as I had not synced saved passwords?

    3. Would having the “encrypt synchronized passwords with your own sync passphrase” enabled mean that they could possibly crack 2 of my passwords if they had reached copying the login information about my account?

    I am using a password manager for all of these now BTW.

    • tarquinwj

      Hi,

      Great questions 🙂

      As you have chosen not to sync passwords, username data is also not synced – our systems will not see it at all. The option to encrypt with an extra passphrase applies only to passwords.

      If you had enabled password sync, and used a sync passphrase, then the sync passphrase never appears on our systems at all. It is all done only on your client (browser). Even if someone had your sync login information, they couldn’t get that passphrase (or the passwords it protects) without somehow also having access to your browser while you’re using the passphrase. That’s why we recommend it.

      • Wraith

        So this mean the only secure option for sync passwords is to do it through “Own sync passphrase” ? is that right ?

  • MacielLucas

    China….

    • Lord Epical

      I will build a great firewall — and nobody builds firewalls better than me, believe me —and I’ll build them very inexpensively. I will build a great, great firewall on our southern border, and I will make China pay for that firewall. Mark my words.

    • BK

      China what?

      • xirit64

        He probably suspects/speculates the hacking was done for damaging the reputation in order to make the buy-out much cheaper.

        • TomEver

          A bit late for that considering the deal’s already been made and the pay already decided.

          • xirit64

            Who knows but him what he means… maybe he is suspecting the Chinese government wanting all those profiles to see who is a potential threat of whatever…

  • https://github.com/rtws/ dqdb@rtws

    “Although we only store encrypted or hashed and salted passwords in this system”

    And what about other data like bookmarks? When you introduced Opera Sync you wrote a blog post which stated clearly that bookmarks are stored without any encryption on your servers (and this info was a definite no-go for me to sync anything). Is this information about unencrypted bookmark storing still correct?

    • tarquinwj

      The information in that blog post is still correct. This is done to allow the web view to show you these parts of your synchronised data without needing to perform decryption on the server. It means that the encryption key that protects your most sensitive data never needs to exist on the same server as the encrypted data itself – any encryption/decryption is only allowed to happen on the client. We have been investigating ways to encrypt all of the data while still allowing the web interface to work without the server performing any of the decryption.

      • https://github.com/rtws/ dqdb@rtws

        This means that all unencrypted data (bookmarks, history, open tabs) have been also compromised in this attack?

        • tarquinwj

          We do not know exactly what may have been compromised. Resetting passwords is our recommendation, as a precaution.

          • http://www.hell.com xaml

            Have you considered introducing two-factor authentication to the Opera account?

      • http://www.hell.com xaml

        You should expedite this research, as it is unacceptable for these things not only to keep happen, but to make available to these criminals any information at all. To this day I observe ramifications of the breach at Amazon, where even the little bits of information obtained are being used to try and take advantage of others.

  • krdzal

    Wow this sucks, I have 389 sync password…..

    • tarquinwj

      Obviously, it is up to you to decide if you should change them. A good password encryption passphrase might make you trust it better. Our recommendation of course is that you do, just in case. We can but apologise for the inconvenience.

    • https://whatigottasayaboutit.com/ Jose Cosme

      Wow. That’s like writing your passwords on a sheet of paper and giving it to a friend to hold.

      • Olli

        Excepting Opera isn’t even your friend.

    • Japser

      Where can you see how many password you have synced up?

      • Leonardo Gomes

        In the passwords manager in Opera’s settings. Or at https://sync.opera.com/web/

        • abaddon

          I am on a vacation for next 7 days without access to desktop version of Opera (only mibile) and on suggested page one can only see number of saved passwords. Is there a way to find out for what sites I have stored passwords in Opera without using desktop version? I am afraid that I will have to wait for a full week until finding out what exact passwords I need to change!

          • Leonardo Gomes

            Well, you asked how do you know ‘how many’ saved passwords you have. 🙂
            To know what they are, the only way is to use the passwords manager.

          • Ruth_opera

            Hey abaddon, did you manage to log on and check in the end? If you have any other troubles let us know

  • Sam

    So you’ve reset the password of my account, but my account was from the time when myopera provided an e-mail address as well. Thus, the reset e-mail was sent to the myopera e-mail account which I cannot access because you reset the password.

    Nevertheless, my password was 20 characters random gunk, so it should probably be safe.

    • tarquinwj

      Unfortunately, because our server does not store plain-text passwords, we don’t actually know what the password is in order to decide if it is strong enough, and we cannot know if it was compromised. The only safe thing we could do is reset them all.

      • Sam

        Anyway, is there any way I can get access to my account again if there is no e-mail address attached? (Well there is … the @myopera.com one from many years ago). If not.. Ah well.

        • Yvonne Gonzalez

          When you signed up for an account do you recall what personal email account you used?

          • Sam

            As far as I know, none. This is from the time when MyOpera account were the e-mail addresses themselves (@myopera.com).

      • Wizardling

        I don’t mean to be rude, but it isn’t up to Opera to make sure you bother changing email address info when you move providers. Even if they shut down (with ample warning in MyOpera’s case).

  • Anshul Chrungu

    Quick question.
    I use Sync, however, it was turned off for last few days. Does this still affect me?

  • Harry James Potter

    Hi i have resetted my password.But i have faced it befroe and still when i am signing in my latest version opera browser doesn’t sync my bookmarks and all other synced datas into the browser . whast the fix ? been reporting in the bug field for numorus times!

    • Lord Epical

      I had that problem. You need to delete the stored password for Opera in your browser, by following these steps: Click “Menu” > Settings > Privacy and Security > Go to ‘Passwords’ and click “Manage saved passwords”, then delete the password for the Opera website.

      Then login to the sync again (Check remember password), and it should be fine.

      • Harry James Potter

        it didn’t work bro i did as u said.it sying sync not working …

    • tarquinwj

      With some versions of Opera (particularly developer channel or certain mobile products – we’re looking into it), it may also help to log out then log back in on every install. If it still doesn’t work, get in touch with the development team using the bug tracking system, and provide as much detail as you can to see if they can reproduce it, as well as an email address so they can contact you if needed.

      • Harry James Potter

        i have tried this bug reperting severel times but it didn’t work for me …. can u look into the matter personally ?it’s pising me off.

  • https://plus.google.com/+StephStephanieSteph StephStephanieSteph

    I just switched to Opera. I’ve never heard of this happening on other browsers like Firefox or Chrome. Is this usual for a big browser company like this? Will you let each specific user know who was compromised?

    • http://www.hell.com xaml

      This has unfortunately happened to many known entities on the internet, including Amazon, Ebay and the Sony Playstation Network.

      • VeraLB

        @stephstephaniesteph:disqus , @xaml:disqus is correct. As with any other tech company, we get threats like this.
        Yes, we are sending out emails to people who have used Opera sync.

        • https://plus.google.com/+StephStephanieSteph StephStephanieSteph

          I read the breach news wrong. I thought some users of sync were effected. So, all users of Opera Sync were effected?

          • VeraLB

            @stephstephaniesteph:disqus Our security team detected activity in the Opera sync system. We cannot know for sure whether all users of Opera sync will be affected.
            But we’ve reset the passwords of all Opera sync users as a precautionary measure.

    • Lord Epical

      A lot of major (And seemingly very secure) sites have been hacked and have had passwords taken. You can see a list of the major websites hacked here: https://haveibeenpwned.com/PwnedWebsites

      • https://plus.google.com/+StephStephanieSteph StephStephanieSteph

        I switched to Opera because it used less data than Crome and I’m getting burnt out on Google products. But I don’t see Google on that list. What are they doing right? I’m sure hackers would love to penetrate Google more than any other site.

        • http://www.hell.com xaml

          Chrome and Opera both share the same foundation, Chromium. There might be features added on top, but overall I would assume their performance to be comparable. And what might not be publicly known does not necessarily mean that it never happened.

          • https://plus.google.com/+StephStephanieSteph StephStephanieSteph

            Idk what you mean. But I know what you mean about companies not making it public. By law, dp companies have to notify users of a breach such as this Opera breach?

          • Lord Epical

            Under EU law (Apparently, European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011 (SI 336 of 2011) ) and the laws of several states in the US, companies HAVE to report to both law enforcement, and the users of the service if their data may have been leaked.

          • Hyperlord

            Yes, but the shared foundation is just the rendering engine for displaying the content. I don’t think the synchronization of bookmarks, passwords etc. is part of that package as well.

        • Lord Epical

          Google has a much higher revenue than Opera, and Opera is actually losing about 51.2 million USD a year (According to the Wikipedia page). Google can spend much more on security than Opera.

          Google also has much stricter security systems, and password reset options. With Google, if you forget your password, they ask you many questions which you are unlikely to know the answer to (Such as the exact month and year that your Google account was created). This can make it very difficult to reset the password. With Opera, if you forget your password, you can simply have it reset by clicking the password reset button.

          • https://plus.google.com/+StephStephanieSteph StephStephanieSteph

            It looks like I’ll be 100% Google then for everything. Based on your reminder of Google’s resources.
            What about Firefox? I didn’t see them on that list. I know companies could have a breach happen and imthey are not immune to them know matter how big the company.

          • Lord Epical

            Well, Google is known to use your personal data (Which is found by using your Google Chrome search history, looking for key words in your Gmail emails, and using your Google search history, etc) to target advertisements towards you.

          • http://www.hell.com xaml

            As with Opera, I would be, and I believe others would be too, happy if there was a reasonable subscription model to the core services of Google beyond their online storage.
            😉

          • https://plus.google.com/+StephStephanieSteph StephStephanieSteph

            I’d take a company using my keywords for advertising over a company not being as secure abd hackers getting hold of my passwords.

          • http://www.hell.com xaml

            Not necessarily a wise choice, as distributing risks in a technological and privacy related sense might, for better or worse, be a more robust approach.

          • Lord Epical

            I seriously doubt that there will be a breach of Opera servers again as they have said that they are stepping up security of the data, and it would give them a very bad image if it happened again also. I would recommend Firefox above Chrome, as unlike both Opera (And what they are doing now) and Google, Firefox actually make how the data is encrypted publicly available, so outside experts can actually make recommendations to Firefox to improve the security of the data.

            Firefox sync supports passwords also. You can see how Firefox encrypts the data on these pages: https://blog.mozilla.org/services/2014/02/07/a-better-firefox-sync/ https://github.com/mozilla/fxa-auth-server/wiki/onepw-protocol

            As Firefox sync has a provably reliable encryption method, I would recommend it.

          • http://www.hell.com xaml

            I would personally be happy to contribute to the Opera project with something like a subscription.

          • Lord Epical

            They don’t need it. Opera Software ASA was bought by ‘Qihoo 360 Technology Co. Ltd’, a huge Chinese consortium in July this year for 600 million USD. Qihoo will probably just allow the userbase to keep falling (As it has been doing significantly since the start of the year: http://www.w3schools.com/browsers/browsers_stats.asp ) so they can cancel the project and take the technology for their own ‘Qihoo 360 browser’.

        • Hyperlord

          Google has a lot more at stake being king of the hill when it comes to collecting data. Therefore Google invests heavily in securing the data and they even employ IT security specialists that actively look for vulnerabilites in various software (not just Google’s own systems). Look for Google Project Zero if you want to know more.
          That being said, Google has no magical piece of equipment – in the end, there will always be bugs in software that can be exploited by bad guys – so you just have to try to stay ahead of the bad guys trying to hack you.
          I would assume that with Opera, the sync service is more a small feature that was not in the main focus since their software is client-side application. Google on ther other hand is running (and securing) server systems for a living.

      • http://www.hell.com xaml

        Well, a serious matter and a title as sloppy as this one do not go very well together.

  • Dome LT
    • BK

      Please check you spam folder.
      Or wait a bit more.

      • Dome LT

        not in spam…nothing…wait and wait

        • BK

          Sorry, the server might be now overloaded, due to obvious reasons 🙁 Please try again.

          • Dome LT

            nothing had happened …..

  • https://www.facebook.com/skaterguitarist Kool Wolff

    Every company getting hacked, it seems like the norm nowadays; that’s why you never use any real information online. It gets stolen anyways.

    • http://www.hell.com xaml

      The problem is that this subliminal lack of trust might have an impact on how meaningful interactions can become. Think about partnership platforms, which, apart from general behaviour, ideally are something really useful, but can become really exhausting for not only never being entirely sure whether an opposite really exists and for possibly not being taken seriously, but also for having to provide sensitive information to attempt to overcome this.

  • Tetris

    What encryption are used on the stored passwords? I mean what are the chances of decrypting them? And did you let know all the affected users that they were affected? I received an email asking to set a new passwords, that means my login is out there now too?

    • tarquinwj

      As you might imagine, we do not divulge exactly how authentication passwords on our systems are prepared for storage (this would only help a potential attacker, and as you might imagine, that’s not something we want to do). The details of synchronised passwords can be seen in the desktop blog post that is linked to in the body of this blog post.

      If you received an email, it only means that you have an account. We reset all passwords on all accounts as a precaution, just in case.

      • Lord Epical

        Wouldn’t it be much more secure to make how you encrypt the data more available? Firefox does it with their sync ( https://github.com/mozilla/fxa-auth-server/wiki/onepw-protocol ), and making security information openly available allows outside experts to make recommendations.

      • Kodabar

        The thing is, you have detailed some of this in the past. Even the post linked to in the article reveals that Opera uses the nigori protocol to encrypt passwords. Explaining how you hash and salt or encrypt data doesn’t help an attacker very much and they’ll be able to figure it out anyway. Claiming that revealing details of your security procedures enhances security is a fallacy – security through obscurity.

        No one’s asking you to reveal the salt, but it would be reassuring to know, for instance, that you do actually uses different salts and don’t just use the same one repeatedly. After all, despite all this security, someone got into your server and stole data. That you don’t know what data they stole is somewhat worrying.

        So it would be reassuring to know what security procedures and protocols you use. Telling us that you use nigori to encrypt passwords doesn’t make our passwords vulnerable. Neither does telling us how you hash and salt passwords. If you’re using SHA-1, for example, then I’d be worried. If you’re perhaps using SHA-3, I’d feel a bit more reassured. Just saying encrypt, hash and salt isn’t enough – it depends how you encrypt, hash and salt. Most breaches happen because of poorly implemented security.

        • https://medium.com/@mlowicki Michał Łowicki

          Yes, we’re using salt per user. I understand your arguments and agree but for now we won’t unveil more details about this part.

          • Kodabar

            Well, that’s partially reassuring. Thanks for being candid.

      • Barnassey

        Detailing what you used to encrypt and salt the passwords with will NOT help an attacker, to even say that means the salt-hash used and encryption is weak.

    • BK
  • Kodabar

    “want to sincerely apologize for the inconvenience this might have caused”

    I realise that this is a standard modern style of apology, but I’d rather you didn’t equivocate. When 1.7 million people need to reset at least one password, there’s no doubt that this has caused inconvenience, so you can remove the “might” from your apology.

  • Sot Me

    Today i tried to log in in my account and for a strange reason i could not log in and i did that earlier when i made format to my computer and yesterday. I have a supspision that someone hacked me, please someone Admin contact me please to change email because in the email i was registed was also hacked my hotmail. I will be very obliged if an admin help me to solve this problem.

  • Histakel

    For all the concerned people out there, I would like to say a very big thanks to Opera for all their transparency, for informing us and for resetting the password. They could have just kept silent, but a responsible company is open, just like Opera, even at the cost of upsetting a people usually very unaware about security.

    • BK

      Thanks a lot!

    • Lord Epical

      Actually, under both EU and the laws of several US states, they HAVE to report a breach to both law enforcement, and everyone who was affected.

      • Histakel

        Thanks for the info, though all those internet-local regulations policies are actually very difficult to understand. I thought Opera was still a company based in Norway which is not in the EU, but takes over a lot of legislative. At the same time, I cannot imagine they can check the laws of every single country of their users to comply with the local laws …

        • Lord Epical

          As long as a company serves citizens of either a country or a state, that company HAS to obey the laws of that country or state. As I presume such a large demographic of their users either live in the EU, or one of the many states in the US where it is mandatory, they would only need to know of the law existence. I also presume that most developed countries outside the EU have the law as well.

          I wouldn’t consider Opera to be truly based in Norway now, as they were bought by a huge Chinese consortium in July for 600 million USD ( From https://en.wikipedia.org/wiki/Opera_Software )

          I also wouldn’t thank Opera Software for disclosing it, due to how untimely it has been. As you can see from the post, they have stated that the breach was “Earlier this week”. This means that it is possible that the breach could have occurred MONDAY, and they have only gotten around to warning the users that their credit card info (Via online banking accounts) , and their personal info (Facebook accounts, etc) are at risk now, on Friday.

          • Slawek Sochaj

            Opera is and will remain a Norwegian company. W operate under the Norwegian law and will continue to do so.

          • Lord Epical

            Under the Opera Privacy Statement ( https://www.opera.com/privacy ), it claims that you may share our data “To a third-party purchaser or seller (including professional advisors) in connection with a corporate event such as a merger, business acquisition or insolvency situation”.

            Does this mean that Opera user’s personal data has actually been shared with ‘Qihoo 360 Technology Co. Ltd.’?

          • https://www.facebook.com/Truth47 Riccardo Ulisse Manani

            Of course..What did you expect to be bought and to not produce anything? Used data, analytics and things like that are shared. Of course they don’t share user passwords or accounts.

          • aBallerDotCom

            You go to the banks and say someone has you credit card and the bank doesn’t even want to shut the card down, they want them to use to card to catch them. The banks don’t care about the customers. So in reality there is nothing you can do if your credit card information is stolen besides call and get another sent out with a different number.

      • https://plus.google.com/+StephStephanieSteph StephStephanieSteph

        I’ve never heard of a company covering up things. So, just because it’s law doesn’t matter.

        • wudntulik2know

          “I’ve never heard of a company covering up things”…….hahahahahahahahahah…………good one.

          Yup, corporate America, where covering stuff up is the name of the game.

        • Francesco `ascii` Ongaro

          You never heard because they covered it 🙂

      • Ruth_opera

        You’re correct and it’s important people know that if they use a service from an EU based company for example. We emailed all sync users as soon as possible but published this blog as a way to give information and answer anyone’s questions

    • Yvonne Gonzalez

      We truly appreciate your kind words! Most of all we appreciate your patience with us! Thank you!

    • Ruth_opera

      Cheers Histakel 🙂

  • Histakel

    I find it really hard to fathom why would anybody store gmail, facebook and banking passwords on a cloud service. Consider this as a lesson in computer security not to save these important passwords anywhere. And if you are using sms 2factor authentication on Android, make sure none of the apps have access to your SMS messages 🙂

  • Wraith

    Mmm a few days ago I think was on Monday, AVG antivirus detect a malicious application trying to start on my system, the malicious activity who was blocked by AVG in fact was Opera developer automatic update, strange but now I do not know if this has something to do with this problem too,very odd but you guys in Opera should need to check that too.

    https://s16.postimg.org/azz0suocl/avg.png

    • BK

      Opera developer? It’s not directly related. Rather antivir false positive detection.

      • Wraith

        Good to know, I was beginning to worry about that because this alert pop up on my two machines the same day (work and home). Thanks for your answer.

  • https://vivaldi.net/unity/profile/chas4/6-blog Chas4

    This explains the email I got

    :knight:

    Been on since Opera Link

    • Yvonne Gonzalez

      Yes, Please be sure to reset your password Chas.

  • Jason

    When I login to my account I can see that I had 20+ synced passwords. How do I tell which 3rd party sites those passwords are connected with so I can reset those as well?

    • Leonardo Gomes

      Settings > Security and privacy > Passwords > Manage Passwords

  • Blaine H

    I guess that explains why someone kept trying to reset my PSN password. “Earlier this week” eh? Should have told us sooner. I also tried to disable password synchronization but apparently unclicking the box doesn’t work because my passwords were synced regardless. What kind of shit is that? I’m done with using the sync service period at this point, maybe even the browser. I can’t help but feel like you’ll store my passwords even if I’m not logged into my Opera account.

  • dave

    Maybe Opera should do the 2-Step Verification that every Company is doing it now

    • BK

      We most likely soon will.

      • http://sandalian.com/ Yeni Setiawan

        Including U2F, hopefully.

        • BK

          yes

  • Mike Proz

    lesson=don’t save, don’t sync, don’t worry

    • Ruth_opera

      Not completely un-wise advice but in today’s world that’s becoming increasingly more difficult to do (depending on how many online services you use). We just hope we can help keep people informed and providers and users alike act quickly when precautions need to be taken

  • https://whatigottasayaboutit.com/ Jose Cosme

    Wow! I’m so grateful that I never stored any passwords on Opera. For that matter, I never store passwords on any browser. I mean, cmon now, look at all the hacking that has been going on. Even our governments get hacked. Use a password manager like Keepass and don’t store your database on your computer. Store it on a thumb drive. This way if your computer gets hacked your passwords are not available.

  • RedBatman

    So should I rest my password for every account I have synced to opera, cause I changed my default opera password already? Also I use both Chrome and Opera and some of the sites I use share the same passwords on both browsers.

    • Slawek Sochaj

      Yes, our recommendation is that you reset passwords for these accounts, just in case.

  • Kagome Dirksmeyer

    How long is going to take you guys to fix it? That the question? So we can log in again I never got a email from you guys I happen to use Opera and seen it

    • BK

      Hi. We’ve blocked attackers. If you reset your password, sync should work again properly.

  • John

    Just deleted my sync account and now it’s time to change all my passwords (thanks opera).
    I will never use such a service anymore, I should have stopped after lastpass had the same issue, you can only rely on you with such sensitive data.

    • Nerdebeu

      On principle, I do not store any sensitive password on a synchronization service: banking data, administrative, online shopping, everything related to money and emails (I use a local passwords manager for this ). I only stores non important passwords with sync services: forums, various sites.

  • http://sushubh.net/ chromaniac

    Tarquin is still at Opera? That’s another tragedy to be honest. Such a great guy. Such a disappointing company.

    • ShintoPlasm

      lol

  • Paco

    Hello everyone, thanks for the info, I have a problem when trying to recover my password does not send me to my mail, I will have to create a new account? sorry for my bad English

    • BK

      Hi, please check you spam folder, or try again with the password reset.

      • Paco

        no, I have nothing in the spam folder, try my user and my mail, but I do not get anything 🙁

  • Wizardling

    So that’s why I had to use password reset tonight. Well, at least you’re on the ball with such matters.

    • Ruth_opera

      Appreciate your support Wizardling and thanks for actioning the email we sent

  • gp

    I’m an Opera browser user who don’t have Opera account and don’t use Opera sync. So Do I have to change all the third parties passwords?

    • hari.g

      No, you don’t have to. This incident affects Opera accounts only.

  • Crystal Kaulbars

    Hi, I’ve never used sync up with anything, does that mean I still need to do a password? I’ve never had a password, I’ve only used this awesome browser since the day I found it, but since I only use it on one device, is it necessary to worry and/or create a password?

    • BK

      Hi, if you are not using sync, you don’t need to worry. Regards.

  • Crystal Kaulbars

    P.S. This is the best browser ever!! Some sites, including my school have tried to shut me out saying it’s not compatible with their service, but I just feel that I love the little icon way of fav’s and I can’t go back to the tedious lists of lists! Opera RULES in my life 🙂 I don’t want it to go anywhere, but it seems like the big boys are gunning to shut it down? Another thing I love about Opera is that it doesn’t shove itself at me all the time like Bing and Google, it’s just there and lovely, like an actual opera, in harmony with the busy day 🙂

    • BK

      Thanks a lot !

  • David Kinlay

    Appreciate your help and support

    • BK

      thanks!

  • red5goahead

    I also had some kind of wierd behavior since Tuesday or Wednesday I guess. Only with Opera developer, sometimes new tab open automaticaly with unknown commercial link. No problem with Opera stable release that I switch to quickly.

    • BK

      This is unlikely related to this communication. You should search for some malware on your PC.

  • NoName

    When the new Opera Sync was created, people were very concerned that the data was not internally encrypted with a password from the user.
    You didn’t really see it as an issue, as it was only internal data. It is still properly encrypted when transfering to/from the browser to Operas servers, was your argument.

    I hope you understand why people were (rightfully) concerned!

  • wudntulik2know

    Gee, and it only happened since you shoved the abysmal V39, which sucks, down our throats.

    Brilliantly done.

  • wudntulik2know

    Well, they fucked up Speed Dial and the scroll bar on Speed Dial and the size of the thumbnails on Speed Dial, but they don’t care one little bit, since they don’t even acknowledge they’ve fucked them up. V39 sucks.

    • http://www.netsolutions.dynu.com/ William L. DeRieux IV

      They also removed the speed dial search box (not the search engine box).
      There is a search box on each speed dial folder, but I want to be able to search all speed dial folders (since I have a lot of pages in each folder and I don’t want to manually search each folder).

      • Leonardo Gomes

        This discussion is kinda off-topic in this post and blog but let me say that you can use the address bar to serach your speed dials.

        • http://www.netsolutions.dynu.com/ William L. DeRieux IV

          Huh…did not know that (there was no indication that feature was added there — i never use the search bar).

          Thanks.

          • Leonardo Gomes

            It’s been a while that address bar shows Speed Dial content while you type in it.

  • Gobi Todic

    Thanks for the blog post but to my mind, it is a bit too unspecific. So far it seems that the Sync-Accounts themselves (the credentials used to access the Opera Sync account) have been compromised which would explain the global password reset since that would stop the attackers from accessing data via the sync operation.

    But it is not clear whether attackers were also able to access the encrypted data itself. In that case, changing all passwords is essential in my opinion because the encryption can then be broken using brute-force attacks.

    So I really would like to know in what way the attackers did access the data (via sync operation or directly like in “via filesystem”). Since this happened “earlier this week” I would actually expect a more thorough blog post by this time.

    • BK

      “But it is not clear whether attackers were also able to access the encrypted data itself. ” – we’ve not gained evidence attackers obtained the data, encrypted or not. But as a precaution, it’s safer to act as if they did.

      • Gobi Todic

        OK, thanks for the heads up. Since I did not use a separate encryption passphrase I already changed passwords for most of the sites stored in my account as a precaution.
        I would also like to see 2-factor-authentication for opera sync as soon as possible as well as a more detailed post-mortem report on this incident.

    • Barnassey

      the only data that was encrypted was passwords.

      • Gobi Todic

        Yes, I know, but that is not my question here. The question is, whether the attackers extracted data via the sync protocol itself or by gaining access to the actual hardware that runs the sync software.

  • Horatio

    How ironic that this would happen just after you sold off the Opera browser to the Chinese!
    There is no longer any such thing as trust or security.

    • Lord Epical

      Under the Opera Privacy Statement ( https://www.opera.com/privacy ), it claims that Opera may share all of the data they have collected about us “To a third-party purchaser or seller (including professional advisors) in connection with a corporate event such as a merger, business acquisition or insolvency situation”.

      Opera Software ASA being bought by the Chinese company ( Qihoo 360 Technology Co. Ltd. ) falls under ‘business acquisition’. I haven’t received a reply when I asked about it 5 hours ago, so I must presume that the data was sent.

      I have just started to use Vivaldi (Which was created by a co-founder and former CEO of Opera Software ASA. It has very similar features to Opera ( https://vivaldi.com )) because I wasn’t even made aware of the acquisition by the Chinese company (Which is known for its malware-like features in their own browser (See https://en.wikipedia.org/wiki/360_Secure_Browser#Controversy ) ) until yesterday, which is highly unethical on Opera’s part (Especially since I have convinced several of my friends to use it, since I begun to use it in 2009).

      The amount of Opera users is also severely declining ( According to http://www.w3schools.com/browsers/browsers_stats.asp ), and on top of Opera’s seemingly unethical policies, this is a good time to jump ship for me.

      • Nerdebeu

        You lived in a cave? All internet talking about the next sale for months. Sale that is also not effective and was postponed for legal reasons.

  • tarkus

    What exactly happens if I push ‘reset sync data’? Everything goes to drain and when I sync again everything is re-saved? And why passwords & preferences are in gray (no viewing or editing allowed)? How can I reach my saved passwords (to see what I have stored in there)?

    • Nerdebeu

      1) yes, that’s what I did yesterday.
      2) your passwords are visible in Settings / Privacy and Security / manage saved passwords.

    • Leonardo Gomes

      AFAIK, your synced data is removed from the server and sync start as if you were doing it for the first time.

      I guess passwords are unaccessible for security.

      You can check your saved passwords in Opera’s passwords manager.

  • Neil

    Idiots what a complete mess, why was this possible in the 1st place, I ask was this part of your system to have a cheap firewall or did a manager refuse to employ a proper person to look after their systems, in any case I assume it’s a managers fault for refusing to spend some money somewhere along the line,then an opportunity arised for a hacker to steal all the info, I’m really angry with them now I gotta change tone’s of my passwords, WE WANT ANSWERS!!!

    • Ruth_opera

      Hi Neil, I hope some of the information form the answers given on this thread have shed some light. As seen in recent weeks, even the biggest companies aren’t immune to these kind of attacks. We put security before anything else and have a very capable and dedicated team, which is why we were able to react so quickly to this incident. If you have any specific questions/concerns that haven’t been addressed please let me know!

  • Kagome Dirksmeyer

    I want to thank the folks at Opera to catch the breach and they fixed the Opera web page as soon as they was told the page was all text and told them on twitter about it and they fixed it right away

    i am going to use another browser until they get the Sync feature fixed again I still cant log into it I been trying for 2 hours I know it going to take some time to fix I will check back in a week or 2 to see if it fixed I hope Opera will send a email to everyone when it fixed I really love the Opera browser I don`t want have to use another browser I have no choice now since the Sync feature is down

    • Nerdebeu

      Sync works… Since yesterday, you had to reset sync data and your issue will be fixed.

    • Leonardo Gomes

      Even after have reset your Opera account password you can’t login?

  • Bonnox

    how to know if the account has been compromized?

    thankyou

    • Nerdebeu

      Change your account password and change all your passwords and there will be no problem or concern.

      • Bonnox

        you put it simple… -.-“

        • Nerdebeu

          It’s especially effective

          • Bonnox

            well, it’s work flow breaking when you have to change a bunch of password specifically crafted for being both strong and easy to remember.. now I have to mangle those password woth stupid foots, and hope the new one doesn’t exceed the idiotic character limit that some site adopts… -.-”
            and hope to remember, obviously.

  • Cehd

    Sorry to hear what happened.

    I was using Opera Sync and password sync with paraphrase. Should I be worried? Without my paraphrase they can’t do thing with encrypted data, can they?

    Should I change all my password as a precaution with haste or can i take it easy because I was using paraphrase.

    • BK

      Using passphrase should give maximum protection. We can’t guarantee though you are 100% safe.

      • Cehd

        Thanks, I will change all my password then for obvious reasons you point out.

  • Barnassey

    I’m actually going to retain a lawyer over this. If i find out you did not one-way hash the passwords and other data, i promise you i will make your company pay. Class-action level.

    • BK

      We store only hashed and salted passwords.

      • Barnassey

        It shouldn’t have just been the passwords. Everything else is just as private. Your company’s lax security revealed a whole host of other things. this is why you will lose the the inevitable lawsuit.

        • Gobi Todic

          Synching everything encrypted would prevent you from viewing your Bookmarks online since the decryption password is not stored on the sync server.
          Since this is an opt-in feature and you need to agree to its terms, I doubt your lawsuit does stand a chance.

          • aBallerDotCom

            Yeah, doesn’t the checkbox that says “Encrypt only synced passwords with your Opera credentials” and “Encrypt all synchronized data with your own sync passphrase” is the major factor in what was actually encrypted.

    • Alanaktion

      You can’t one-way hash a password that has to be stored and retrieved later to fill in another form. Synchronizing hashes of passwords provides no value in a web browser. I would definitely hope the data was encrypted with a user-specific key, hopefully either encrypted by or generated from the user’s sync password, but honestly you just shouldn’t ever trust proprietary cloud services with your data.

  • abc

    I’m using Opera Mini with Opera Sync and have some passwords saved by it. Should they be “synchronized passwords”? It said nothing about saving them onto the cloud.

    • BK

      Hi. Sync is build in, but opt-in feature. Passwords synchronization is available only on desktop, so you are fine.

      • abc

        Thanks! I’m glad to hear that my three passwords were safe, while the status of the bookmarks is still unknown…

  • Feligno

    Hi, i don’t remember if i have used a Passphrase to sync my password or not. Is there any chance to know it? I have reset my pc last monday and i had to use passphrase to sync, but i’m not sure of it.
    Moreover, is there a list of compromised sync account? Or all of them are compromised?

    Thanks for the answer

    • hari.g

      If you have enabled custom passphrase for encrypting passwords, the sync dialog would ask for entering the passphrase after you sign in with your Opera account.

      As for what was compromised, the intruders had access to the servers, so from security viewpoint one should think of the worst case scenario.

      • Feligno

        I have already reset all password of accounts saved with sync. Anyway If i had enabled the passphrase to sync I should to be safe, right? This because i have read that passphrase isn’t stored on their servers. Right?

        • hari.g

          Yes, the custom passphrase is not stored on the servers, so it is safer.

          • Feligno

            Sorry for so many questions 😛 But, if it’s not stored on opera server. How can it sync my passowrds when the orginal device is offline?

          • hari.g

            When you sign-in on a device to start syncing from there, you’ll be asked for that passphrase, which is used to encrypt/decrypt data.

          • Feligno

            What i mean is: if i sync my passowrds with passphrase in PC 1, the PC 2 receive a file, in which there is my passowrds, but that can be decrypted only knowing the passphrase beacuse it is stored inside that file and not with my opera login data, right? So I’m the only one that know the passphrase and the only way to decrypt “passwords file” is a brute force attack, right?
            Anyway, do you know if is there or there will be a list of compromised account?

            Really thank you for you patience

  • http://rasarab.wordpress.com/ rasarab

    I was really surprised

  • hrh_fourtyseven

    Jesus!!!!!!!!!!!
    what the hell should I do with 251 passwords!!!?????!!!
    Wow! I cant believe!
    this is a one week project to change all of them!
    can I ask what security solutions are you going to add to prevent problems like this?

  • RhMTeo

    I want to know what time and date the attack happen ??? I deleted all my password sync last month…just in case im lucky lol

    • BK

      If you deleted your passwords month ago, you are for sure fine.

      • D Dodo

        Hi. I cannot login to Opera, I cannot retrieve my password. email is not sent to my mailbox. How to get my account back?

  • Thiago

    Lost my Old account due to. I’m very disappointed by Opera because lost my data access because a resetting without asking me. Fortunately, the notes were backuped before…

    • hari.g

      You don’t have access to the e-mail used for the account?

      • Thiago

        Mail company is dead. No more site; no e-mail. I didn’t expect the Opera change my password without asking me after years…

  • Emilie Roper Smart

    I have opera developer installed but I’ve never use the Synchronize feature. Should I worry about this hack?

    • Leonardo Gomes

      If you never used Sync then I guess you don’t need to worry.

  • NoDiscussion

    Guessing Sync uses sams FS as Opera Mini, Per H. should look over his Pike code…

  • Ben Opp

    “we have encouraged users to also reset any passwords to third party sites they may have synchronized with the service.”
    Does this refer to passwords stored in the Opera password manager?

    • BK

      No

      • Ben Opp

        Theb what other passwords would I have synced with Opera sync?

        • Gobi Todic

          You have to distinguish between the opera password manager which only stores the passwords locally and the opera sync service that will encrypt (among other stuff) the data from the password manager and synchronizes to the opera cloud service.
          So if you use the opera sync service, then yes, this refers to the passwords stored in opera.

          • Ben Opp

            Well in that case, this means that Opera recommends us to change every single password that we store in the password manager of a synced Opera instance. …which is potentially all our passwords

  • Pavel

    Hi.
    Can I know somehow was my account compromised or not???
    Someone got my data in last two month?

  • Vulisha

    So you are saying our synced passwords are secure none the less? And i don’t have to change password for every last one account I have, including paypal, gmail, and other 240 passwords??

    • hari.g

      As the blog post says, the passwords were secured but still to avoid any risk, it is encouraged to change them.

  • Muad Dib

    I have received a second email that is saying my password was reset (just now). Is there another issue? Are we OK?
    Please confirm, thank you.

    • Leonardo Gomes

      Receiving an email notification about changes made in your account is kinda normal on the internet.
      Usually their text include something like this:

      “If it was you then you can just ignore this message. If it wasn’t you then please contact us at [some link]…”.

      So I guess the point is ‘did you reset your password’?

      • Muad Dib

        I’ve said a “SECOND” email. I’ve got a similar one when the breach happen in 26.08 or so. Now I got ANOTHER one.
        It is a legit question to ask; was there another breach? Is this an unintended email?
        Forgive me about being cautious after spending the last days resetting dozens of passwords.

        • Leonardo Gomes

          Do you have more than one Opera account? Or maybe more than one email address associated with your account?

          I also received two emails talking about the incident and about passwords reset because, I guess, I have more thann one account.

          • Muad Dib

            Just one account on one email.

          • Leonardo Gomes

            Then I don’t know.

          • BK

            just a glitch. There was a single event.

          • Muad Dib

            Thanks a lot for the clarification.

    • Gobi Todic

      I got a second email as well – since my password was not reset by Opera, I think this is just a glitch that led to multiple mails being sent.

  • Patrick Dunford

    What I didn’t know but have discovered to my discomfort was the browser was actually storing passwords by default. I don’t recall being asked if I wanted my passwords stored but this appears to be a default setting. I remember using browsers that asked you to confirm if you wanted it to save passwords and now, it seems, the focus is on gathering as much data as possible, by default, unless you check to make sure that data is not being saved.

    In this case I discovered completely unknown to me that the sync service has stored 42 site passwords.

    • Leonardo Gomes

      Here Opera always ask if i want to save a password.

      • Patrick Dunford

        I have checked and found there are two separate settings

        1. In the browser settings there is a setting under Privacy and Security called Passwords and it says “offer to save passwords I enter on the web” and this setting is unchecked on my computer which means it shouldn’t be saving any passwords. But in spite of this I click the Managed Passwords button it shows me three passwords it has cached, which must be locally saved on the computer.

        2. The setting for sync must be a completely separate setting because it was obviously syncing by default. I deleted my account so I can’t check the setting. But it is abominable to have two separate settings and claim as I suppose they will that the sync setting isn’t related to the local setting.

        • Leonardo Gomes

          There is actually a password stored in the passwords manager? Or it’s only the site/page listed there?

          By default, password sync is not enabled in synchronization settings.

          There are different settings because there are two different functions.
          One is for locally store your passwords in the passwords manager and the other is for sync those passwords with Sync.

  • Eduardo

    Hi. I created my account yesterday (27/aug/night), are there any risks that I’ve been affected?

    • hari.g

      No.

  • Ivo Filipe

    I reseted, as instructed on your email, 2 days ago…
    But, received the same e-mail 5 hours ago. Automatically sent to users or again, supposed to do it again?
    This is not my area of expertise…but, even if resetting the password, having the hackers gained access to the servers, does it really matter? I mean, are all the passwords of every platform I use exposed meaning I should be more concerned with that, and change the passwords of everything?

    Thank you in advance.

    • Leonardo Gomes

      I did get two emails from Opera because I have two Opera (sync) accounts but none of them arrived in the last day.

  • https://games.mail.ru/profile/mail/drac5/ Dracer5

    Tried to reset my password yesterday morning. Still have not received new password 🙁

    • Ruth_opera

      Hey Dracer, there may be a little delay due to how many people are resetting at the same time. If you haven’t received it in the next day or so give us another poke 🙂

      • https://games.mail.ru/profile/mail/drac5/ Dracer5

        It would be nice, if you could provide another method of restoring password. I still didn’t receive the new password

  • jho

    The disadvantage of storing all your passwords in one place is, that in case of a leak you have to change every password. Keep them seperated!

  • http://www.swanairtravel.biz/ Sacha Obado

    I am having an issue with my account. I have reset the password but i dont get the email. I don’t remember the email it was tied to.

    • Ruth_opera

      Hi Sacha, email me at social-networks@opera.com with any details you do have and I’ll try and find you on the lists. If you have a couple of guesses at the email I can try with those 🙂

  • dare

    I never used Opera past v12, but I still received the mail. I used the old Opera Link to synch passwords, bookmarks, and so on, are those still on Opera servers?
    If I go on https://sync.opera.com/web/ I read “You have no sync data stored”; does this mean I’m ok?

    Also Opera didn’t said when their servers were breached, if it happened years ago (it’s possible, see http://www.theregister.co.uk/2016/05/24/linkedin_password_leak_hack_crack/ where they discovred it after years) they may have exposed the old Opera Link data instead of the most recent, assumed there is a difference in synch between Opera pre and post v12.

    Changing the password by the way.

    • hari.g

      As far as synchronization goes, it would be fine, but you probably has an Opera account. In that case, you should reset the password.

    • Ruth_opera

      Hey dare, you are correct this done mean you are most likely unaffected. As a precaution however we are asking everyone to reset their passwords (good to do every once in a while anyway). Thanks for actioning it!

      • dare

        Sorry, I would still like a better reply, thank you.

  • Dany Bravo

    What if I use VPN with Opera? Will it work? Will there be any risk?

    • Ruth_opera

      Hey Dany, thanks for asking. This is unrelated to our VPN service and you can continue to use it normally 🙂

  • azamirDEV Fox

    help me please. I can not restore the account. mail with a password restoration comes. Email: azamirdev@gmail.com

    • Ruth_opera

      Hi, what’s happening when you try to get a password reset?

      • azamirDEV Fox

        Nothing happens. a message sent to your mail . and in the mail message does not reach. on another account came quietly restored . and shall not come into azamirdev@gmail.com.

  • Stefan Bück

    hi opera support team

    are you saying I need to recreate all passwords I have saved inside opera-password-management ?!?!? Seriously? That would be quiet an amount of work!

    Please confirm or specify

    • Ruth_opera

      Hey Stefan, not the password manager. Just the ones stored in sync. You can log on and check which ones they are (if any) here https://auth.opera.com/account/login

      • OliverStefan

        Hi Ruth! Thank you very much for your Support! Your information helped
        me out a lot. Due to your information, I was able to check my case, – I
        found out no passwords are lost at all – that is great news, thank you
        again for your support

    • Ruth_opera

      Hi Stefan, no the password manager is unaffected. It’s only passwords that were saved via sync. You can check if you had any here https://sync.opera.com/web/ just log on 🙂

  • SptWr

    Opera is the best and i enjoy using it daily , i am careful and build strong passes and thanks for the warning and instructions guys.

    • Ruth_opera

      Thanks for your support! Glad to hear you’re being careful with your information online, nothing more important than your privacy and security

  • Anacreon

    Here is a glitch in Opera.
    I always used Opera Developer. The ‘Clone Tab’ feature started to work in very weird way. So far, I liked to copy tabs with ‘Clone Tab’ leaving the first original tab alone just for reference. Since last week however, pointing the tab with right click the new tab comes blank with this strange address below.

    https://s.yimg.com/rq/darla/2-9-9/html/r-sf.html

    Similar problem shows up when I try to go back with ‘Undo’ left hand arrow. It does not go back to original view, but gets blank with this weird address above. It does not happen when I tried to operate Firefox or Chrome. What is that?

  • Anacreon

    I forgot to add in my previous message that the problem with ‘Clone Tab’ happens only when I open Yahoo, my preferred web page and couple of others. Both; american and european web sites. Not all….. Each time I get blank page with unknown address. However, different than the one in my first message. I have used Opera for the last two years without any problems, but not now….

    • Ruth_opera

      Hey Anacreon, appreciate the report! Have you sent us a bug report about this? It’s the best way for us to check out this issue for you. If you have already done so and have a reference number I can chase it up for you 🙂

      • Anacreon

        Ruth, I placed my comment on this address below

        http://www.operasoftware.com/press/contact/form

        Now, in case you couldn’t find it I repeat may message below. Please, read it….

        There is a glitch in Opera. Opera Developer, this is what I use. My favorite ‘Clone Tab’ feature started to work in very weird way. I always copied tabs with ‘Clone Tab’ leaving the first original tab alone, just for reference. Since last week however, pointing the
        tab with right click the new tab comes blank with this strange address below.
        https://s.yimg.com/rq/darla/2-9-9/html/r-sf.html

        This happens when I am in Yahoo, my preferred web page and couple of others. Both; american and european web sites, but not all…. Each time I get blank page with unknown address. However, different that the one above. I have used Opera for the last two years without any problems, but not now….

        Similar problem shows up when I try to go back with ‘Undo’ left hand arrow. It does not go back to original view, but gets blank with those weird addresses. It does not happen when I tried to operate Firefox or Chrome. What is that?

      • D Dodo

        Hi. I cannot login to Opera, I cannot retrieve my password. email is not sent to my mailbox. How to get my account back?

  • TAZIT

    А что мне тогда делать если моя учётная запись имела e-mail от myOPERA , который теперь тоже не работает ?!
    Я всегда на устройствах создавал синхронизацию чисто по логину и без электронной почты … и всё до сих пор работало … . А как теперь быть если нету электронной почты куда высылать сброс пароля … . Его же итак принудительно сбросили !?
    Как мне теперь войти в аккаунт то ?

    • BK

      пожалуйста, отправьте письмо на security@opera.com

      • TAZIT

        Комментарий-вопрос мой что удалили с ленты ? Почему ?
        . . .
        Нет есть вроде . Но почему-то всё перегруппировалось … . 🙂

      • TAZIT

        Что я им туда писать буду ? Я представить себе не могу что теперь с этой синхронизацией делать , которая вообще без шансов на вход осталась … .
        Я знаю только свой логин и пароль (который как оказывается сбросили в никуда …) … и это всё … .

        • BK

          1. Please use English
          2. Write to them your original email and current email, and something that might prove you are the owner.

          Написать им свой оригинальный адрес электронной почты и текущий адрес электронной почты, а также то, что может доказать, что вы являетесь владельцем.

  • vivian

    “The total active number of users of Opera sync in the last month is 1.7 million, less than 0.5% of the total Opera user base of 350 million people.”
    Then you should remove this feature from Opera because not enough people is using it – like you did with all the features from the old Opera.

    • ShintoPlasm

      lol

  • http://www.facebook.com/JeetegiDelhi We The People

    Even i use opera sync service, i am concerned about my passwords, Please know that in opera browser in “Advanced Synchronization Settings” under Settings > Browser tab
    I didn’t earlier check the passwords radio box for synchronization while all other things such as Bookmarks , History , Settings are checked for synchronization. I am only bothered about my passwords, though i have passwords saved on my device in opera password manager, When i login in to opera sync account it shows “0” passwords synchronized while it shows some figures for all other things …………………… As i have told you i didn’t earlier choose to sync my passwords specifically & opera account shows “0” passwords synchronized can i mark myself as safe ? or still i need to change passwords at third party websites ?

    • hari.g

      If you haven’t synced web passwords you don’t have to change them because of this event. You would need to reset the Opera account password though.

  • http://ww1.3xhacks.org/ DisqWalify

    Thanks for fast response, Opera team. Long time user here, since v.7. 😉
    No big deal, if you ask me. I regularly reset my sync data and keep my passwords encrypted on my HDD. Passphrase for a synced passwords is a way to go, IMHO.

  • http://eliotime.com/ eliotime3000

    For somebody that forgot their e-mail that used for sign-up in Opera Sync, why doesn’t appear a part of email for just check on the inbox? Because I have many email accounts and I don’t remember very well which email account I’ve used for sign up to Opera Sync.

    PS: My Opera Sync account is the same that appears in my Disqus account.

  • wudntulik2know

    Hilarious. You’re giving Social Fixer a hard time about blocking ads on your stupid browser.

    Man, you really do suck.

    • ShintoPlasm

      Huh? Social Fixer hasn’t been updated for two years anyway… It’s all FB Purity now!

  • Chege W. Chege

    Thank you guys but I guess a little advice is important. Everyone is now using the 2-step verification to counter security breaches. Isn’t it high time you guys took us that way?

  • wudntulik2know

    Oh and when did putting a bookmark into a folder on Speed Dial become Whack A Mole. Used to be: move the bookmark into the folder, end of story. Now, TRY to move the bookmark in, the folder moves away. Rinse and repeat. You techs think it’s funny? So, let’s see, you made the scroll bar on Speed Dial invisible, you darkened the background skin, you made the thumbnails illegible, and you turned filing into a folder a game. Way to go, improved Opera V39. You still suck.

  • debra beverly

     I really don’t know much about this scam thing and at the same time , no one wants to be on the losing side . But i just came across a good hacker who helped me hack my boyfriends text messages, whatsap, Facebook , Instagram messages remotely..You 2 have to touch his phone while you have access to his conversations through the software he bought and install remotely on my phone , i dont know how he did this but i think he’s perfect at it…..contact him at hackcyberlord@gmail.com..Tell him Debra referred you, then you can thank me later. God Bless.

  • RAJAMOHAN

    Opera is my Favorite 😀

  • Dom Nowak

    I was attacked as the result of this

  • Christoph Waltz

    How long would it take to hackers to crack a random generated password of 40 letters, signs and numbers?))

  • https://games.mail.ru/profile/mail/drac5/ Dracer5

    So, 6 days behind and still didnot receive new password 🙁

  • Markoff

    why would anyone use this Chinese spyware anyway? some people will never learn from examples like ES file explorer, quickpic, etc

  • azamirDEV Fox

    password does not come by e-mail help !!!

  • https://games.mail.ru/profile/mail/drac5/ Dracer5

    Is anybody home? Cannot use Opera Link for 9 days 🙁

    • Leonardo Gomes

      Do you mean Opera Sync? Link has been closed a while ago.
      And why you can’t use Sync? What happens?

      • https://games.mail.ru/profile/mail/drac5/ Dracer5

        Sorry, of course Opera Sync 🙂

        • Leonardo Gomes

          Right, but why you can’t use it? What prevents you from using Sync?

          • https://games.mail.ru/profile/mail/drac5/ Dracer5

            Opera sync cannot login. I still didnot receive new password.

    • https://games.mail.ru/profile/mail/drac5/ Dracer5

      Opera, my apologies! I forgot that I registered my opera account to old mailbox. I have found all the mails with recovery links 🙂
      Sorry, sorry, sorry.

  • Tomek Jordan

    Hi. I cannot login to Opera, I cannot retrieve my password. email is not sent to my mailbox. How to get my account back? Looks like somebody uses my account….due to last leak….

    • D Dodo

      That’s my problem too do you have any idea how could i get my account back ?

  • Кostadin

    OOK. Two lame questions by the 1% of the 1% of the 0.5% of Opera’s users:

    1. Does this mean that I’ll have to make a new account if I have left my sync email @myopera.com?

    2. Does this mean that my passwords are not compromised if I just save them in the browser but I have not synchronized them?

    Thanks!

    • jho

      to 2: locally stored passwords are not effected.

  • srart

    Hey, I’ve got a problem with the password reset. I’m pretty sure that I had changed my account to use my operamail, and that hasn’t been used in years. I’m wondering if I can just get my account wiped out and recreate it. (I’m particularly attached to my username). With minimal effort I can get verified, I’ve paid for opera way back in the opera5/6 days and probably have a few other things that tie the username to me. Any assistance would be appreciated.

  • wudntulik2know

    Wow. Is there no one home anymore? I realize you don’t care about your users, but even an idiot repair like moving a thumbnail into a folder?

    Surely you can hire a programmer in a Third World country to fix THAT one.

    The black scroll bar and the inability to resize thumbnails might actually take money, I understand why you won’t fix those.

    • Leonardo Gomes

      It seems that you are on the wrong place seeing that your comment is unrelated to this post and also this blog subjects.
      Perhaps the Desktop blog be the one for you.

  • D Dodo

    i can’t create a new password through your password reset page and i need my account back how do i get my account back or at least get a new password when i go to the page i wrote my gmail in order you could send me a link to get a new password but nothing has sent to me what should i do ?

  • anonymouskar

    I am simply not getting any password reset link in my email.

  • Mark Kemp

    No wonder I could not login and sync. I cant believe Ive only just heard about this.

  • http://www.netsolutions.dynu.com/ William L. DeRieux IV

    I have reset my password, as advised….
    My password before was 64 characters long with a 128 character sync pass phrase.
    I suspect the attackers would have hard time cracking that 128 character phrase.

    I also logged in using these new creds and all was working,
    but now (9/29/2016) I can’t seem to login.
    I even tried giving it bad credentials and it is the same…
    The login window goes blank and it says that an error occurred.

    I have opened an opera bug on this issue: DNAWIZ-6991@bugs.opera.com

    I believe the issue is related to something in the preferences file for opera.
    If I delete that file I can login, but I have to reinstall all my plugins, etc, but then — eventaully — the login will fail to work again…wash and repeat…ad nausem.

    It is very annoying…

  • http://www.netsolutions.dynu.com/ William L. DeRieux IV

    Yeah 2 factor would only prevent the attacker from being able to login to opera sync.

    It would not prevent them from stealing any other useful information.

  • wudntulik2know

    Who gave Opera the right to pollute my Speed Dial with ads? In this instance, Target. And previously, like the soul less despots at Facebook, ‘places you may like’. Shove them, Opera.

    You already suck, Opera, don’t push it.

  • fge00

    If you could sign in to the damn thing you can use it. I don’t really need this browser. I have a password. I know my password. I am getting really tired of all this captcha bs. You can have this browser.

  • http://www.pilatespal.com Pilatespal

    Thank you for the information and password reset.

  • Sharo Kirima

    hello I need to recover data and bookmarks of my opera account delete
    them by accident and I need them back because I have very important
    data. Do you know how to contact opera support? I need to recover my
    data and I am very angry about losing my data. I use a portable version
    of Opera

  • Tero Dev

    @tarquinwj:disqus how to set new password when I no longer have access to associated email account (my account is very old)? Is there a way to change the associated email account?

  • Tolga Aydemir

    can we get an update? i want to make opera my default browser…but this incident kind of keeps me away.

    • Leonardo Gomes

      Update on?

      • Tolga Aydemir

        well like what did you learn from that incident. what did you change. how could this happen in the first place? did you change something in terms of securing (especially) the passwords? what about the two-step-verification stuff? i kind of expect some transparency when stuff like this happens.

        • Leonardo Gomes

          I don’t work for Opera but I guess that everything about the incident was said on this post and maybe in some replies to comments here.

          Saying more than that would probably just give potential attackers some ammo.

  • http://www.thenortonsetup.com/ thenortonsetup

    That’s why i love opera. Nothing like yahoo mail.. Secure and best.