Opera users who utilized the browser's cloud sync option may have had that synchronized data taken by hackers, according to the company. While the full extent of the breach isn't yet known, Opera fears that passwords saved in the browser's manager may have been exposed.
Opera's disclosure is light on details at this point, saying they "detected signs of an attack" that indicated somebody had gained access to the servers used for their synchronization service. They say it was "quickly blocked," but also can't say with certainty what—if anything—was compromised.
Most concerning is the possibility that the synced passwords kept on the server were taken along with usernames and account passwords.
The sync system is wisely designed such that the synced passwords are encrypted while at rest on the server. That way, if accessed, they wouldn't be very useful to the hackers. The only problem? These hackers may have gotten the accounts' passwords too, potentially making it possible to decrypt those synced passwords!
Opera is recommending to its sync users that they change third-party passwords stored on this system, though they don't seem to have any specific evidence that they were taken. Like the proprietary software maker that they are, Opera hasn't given enough information about their security design to know just how easily a bad actor could decrypt the synced passwords.
And just to be clear, this only affects people who used Opera's cloud sync for their browser settings, similar to Chrome's and Firefox's. While this isn't normally the kind of thing you'd boast about, Opera proclaims that just a small sliver of their 350 million users—1.7 million—actually utilize this feature and are thus vulnerable.