Browser vendor Opera Software has revealed that it was the victim of an infrastructure attack. The incident was discovered on June 19 and publicly disclosed by Opera on June 26.
As part of the attack, a code signing certificate was stolen, exposing several thousand Opera users to potential risk.
“We recently uncovered a targeted attack on our internal network infrastructure,” Opera spokesperson Falguni Bhuta told eSecurity Planet. “This attack has now been halted and contained, and there is no evidence that user data has been compromised.”
While SSL Certificate Authorities have been the target of attackers in recent years, Ivan Ristic, Director of Engineering at Qualys, doesn’t see the Opera breach as likely being SSL-related.
“It looks like someone gained access to their critical systems and then attacked their code distribution architecture,” Ristic told eSecurity Planet.
While security breaches are never a good thing, Ristic did praise Opera’s response.
“It seems that they detected the malware pretty quickly — they removed it after only 36 minutes and the incident took place in the middle of the night,” Ristic said. “So good score on the reaction.”