Posted on December 31st, 2018
Two weeks ago, I was made aware of a data breach that hit close to home for me. Abine, the company that makes the email/cell/credit card masking product Blur, is the latest organization to announce that it has been breached. I have recommended Blur on my show and in my books, and I use it every day myself. I have been in communication with Abine since December 17th, 2018, and agreed to delay any reporting until they knew their systems were patched and had a chance to publicly announce the issue, which they did today in a blog post at https://www.abine.com/blog/2018/blur-security-update/.
Before we all panic, let’s take a look at the exposure.
Access was gained to their systems around January 2018.
The stolen data relates to members who registered prior to January 2018.
This data included the user’s:
First and last names
Password hints from the MaskMe product
IP addresses used to log in to Blur
Encrypted Blur password (encrypted using bcrypt with a unique salt for every user)
There is currently no evidence that external usernames and passwords stored by the password manager feature, auto-fill credit card details, Masked Emails, Masked Phone numbers, and Masked Credit Card numbers were exposed in this breach. There is also currently no evidence that user payment information was exposed in this breach.
I have accessed my personal details released in the breach. In it, I could see the email address I used during signup (unique junk account), my IP address used during signup (VPN), my name used (alias), and my password (encrypted and unique). I plan to release a special episode of my podcast today in order to tackle some of the issues learned during this breach.
If you used a strong and unique password for Blur, you have little to worry about.
If you used an alias and a VPN, no big concern there.
If you used your real information, you can be searched by those who have access to the data.
Everyone with a Blur account should change their password immediately.
I did not use their password manager, but if I had, I would change every password stored in it as a precaution. We never truly know the extent of the data accessed.