Abine Data Breach (2018)

On Thursday, December 13th 2018, we became aware that some information about Blur users had been potentially exposed and immediately began working to ensure our systems and data were secure, to determine what happened, and to inform and help our users. We have also retained a leading security firm to assist us and have notified law enforcement officials. A file containing some information about Blur users from prior to January 6th, 2018 was potentially exposed. This file included the following information about Blur users who had registered their accounts prior to January 6th, 2018: Each user’s email addresses Some users’ first and last names Some users’ password hints but only from our old MaskMe product Each user’s last and second-to-last IP addresses used to login to Blur Each user’s encrypted Blur password. These encrypted passwords are encrypted and hashed before they are transmitted to our servers, and they are then encrypted using bcrypt with a unique salt for every user. The output of this encryption process for these users was potentially exposed, not actual user passwords.