Users of the Opera web browser who also use its sync server to store and sync website passwords should reset their master Opera sync password as well as the passwords stored in Opera’s sync server for third-party websites, the company wrote in a blog post:
Earlier this week, we detected signs of an attack where access was gained to the Opera sync system. This attack was quickly blocked. Our investigations are ongoing, but we believe some data, including some of our sync users’ passwords and account information, such as login names, may have been compromised.
Although we only store encrypted (for synchronized passwords) or hashed and salted (for authentication) passwords in this system, we have reset all the Opera sync account passwords as a precaution.
We have also sent emails to all Opera sync users to inform them about the incident and ask them to change the password for their Opera sync accounts. In an abundance of caution, we have encouraged users to also reset any passwords to third-party sites they may have synchronized with the service.
Opera says about 1.7 million of its users use its password sync server. Opera users who do not use its sync server are unaffected by the hack.