Slashdot Mirror
Data of 2.4 Million Blur Password Manager Users Left Exposed Online (zdnet.com)
Abine, the company behind the Blur password manager and the DeleteMe online privacy protection service, revealed on Monday a data breach impacting nearly 2.4 million Blur users, ZDNet reports. From the report: The breach came to light last year, on December 13, when a security researcher contacted the company about a server that exposed a file containing sensitive information about Blur users, an Abine spokesperson told ZDNet via email. The company said it followed this initial report with an internal security audit to determine the size of the breach. The audit concluded last week, and the company made the data leak public on Monday in a post on its blog. The data that was available on the web included each user's email addresses, some users' first and last names, some users' password hints but only from our old MaskMe product, and each user's encrypted Blur password.
Every time I see a breach like this, it makes me glad I'm still using KeePass. The ease of use of LastPass is tempting, but these kinds of services are a very large target.
We keep hearing about similar breaches, over and over again, and nothing much ever happens. It seems to be the case that it is actually cheaper for companies to do damage control than to take the necessary security measures to prevent such breaches in the first place. I am sure that a few heads rolled in Equifax after their breach a few years ago - but Equifax is still there, doing what it has always done. They sure took a hit - but they probably calculated that dealing with such hits is cheaper and simpler than implement an effective security policy. No wonder most companies pay lip service to security: they all claim it is very important, but they do less than as little as possible. Until such breaches have a significant impact on their bottom line, things will not change.