Abine, the online privacy company owning Blur and DeleteMe has announced on December 31, 2018 that personal information about Blur password manager users were potentially exposed online. The exposed information included users’ email addresses, first and last names, last and second-to-last IP addresses used to login to Blur, encrypted Blur passwords.
Abine became aware of the incident on December 13, 2018 and began working to ensure that their systems and data are secure. They have also retained a leading security firm to assist them and have notified law enforcement officials.The investigation concluded last week, and the company released a security update stating that a file containing information from users who had registered prior to January 2016 were exposed online.
Abine has confirmed that there is no evidence that their users’ most critical data has been exposed, and they believe it is secure. There is no evidence that the usernames and passwords stored in Blur, auto-fill credit card details, Masked Emails, Masked Phone numbers, and Masked Credit Card numbers were exposed. There is no evidence that user payment information was exposed.
“As a privacy and security focused company this incident is embarrassing and frustrating,” Abine said in a statement. “These incidents should not happen and we let our users down. We apologize and are working very hard to ensure we respond quickly and effectively to this incident and make sure we do everything we can to not let anything like it happen again.”
Blur has provided several recommendations for its users to ensure their security after this incident.
- Blur has requested their users to change their Blur passwords and in case if they use the same passwords on any other service, its advised to change them as well.
- Blur recommended its users to back up their Blur data before making any account changes.
- Further, the company recommends using two-factor authentication for their Blur account in order to add an extra layer of security to their account.