Security breach stopped (Opera)

June 26, 2013 – 9:13 PM

At Opera Software, we are committed to the security and privacy of our users. This is paramount to us, and as such, we want to share the details of a recent incident with you.

On June 19th we uncovered, halted and contained a targeted attack on our internal network infrastructure. Our systems have been cleaned and there is no evidence of any user data being compromised. We are working with the relevant authorities to investigate its source and any potential further extent. We will let you know if there are any developments.

The current evidence suggests a limited impact. The attackers were able to obtain at least one old and expired Opera code signing certificate, which they have used to sign some malware. This has allowed them to distribute malicious software which incorrectly appears to have been published by Opera Software, or appears to be the Opera browser.

It is possible that a few thousand Windows users, who were using Opera between 01.00 and 01.36 UTC on June 19th, may automatically have received and installed the malicious software. To be on the safe side, we will roll out a new version of Opera which will use a new code signing certificate.

Users are strongly urged to update to the latest version of Opera as soon as it is available, keep all computer software up to date, and to use a reputable anti-virus product on their computer. For more information about the malware, including which anti-virus applications can detect it, virustotal has a good overview.

Source:
http://my.opera.com/securitygroup/blog/2013/06/26/opera-infrastructure-attack