Akamai Diversity

The Akamai Blog

Opera Browser Hacked

A note of caution for Akamai customers and anyone else using the Opera web browser: Hackers have broken into Opera's internal network. As a result, thousands of users have been the unfortunate recipients of malware.

According to a report on the E Hacking News site, the culprits were able to exploit an expired Opera code-signing certificate. "Cybercriminals used the certificate to send their malware and distributed the malicious software to thousands of Opera users through [the] automated update function," the news site reported. "The malware is currently detected by half of the antivirus engines used by the virus total scanner."

In the Opera blog, Sigbjørn Vik from the quality assurance department wrote:

On June 19th we uncovered, halted and contained a targeted attack on our internal network infrastructure. Our systems have been cleaned and there is no evidence of any user data being compromised. We are working with the relevant authorities to investigate its source and any potential further extent. We will let you know if there are any developments. It is possible that a few thousand Windows users, who were using Opera between 01.00 and 01.36 UTC on June 19th, may automatically have received and installed the malicious software. To be on the safe side, we will roll out a new version of Opera which will use a new code signing certificate.

The solution, he said, is to upgrade your browser to the latest version.