So, what happens if Abine’s servers get hacked?

These days, the next big data breach announcement is seemingly a weekly occurrence. Often, these breaches are the result of lax security protocols at the companies that get hacked, but it increasingly appears that no one is immune to the growing number of threats, sneaky hacks, and unknown vulnerabilities latent everywhere in software running across the Web.

It makes sense, then, for our customers to challenge us – Abine might mean well and be on a mission to protect my privacy, but won’t you just end up getting hacked like everyone else, including Equifax?

[READ: Equifax and why Identity Protection needs to be destroyed and recreated]

All online servers and databases are subject to some sort of security vulnerabilities, and every online database *can* be hacked – if anyone tells you otherwise, they’re lying, or simply don’t know what they’re talking about.

Abine isn’t “smarter at security”, we just can’t access most of your data

At Abine, we’ve always considered your data security – as well as your privacy – to be of the utmost importance, which is why our technical architecture is called “host-proof hosting”, an extremely secure method of protecting customer data from any sort of outside attack.

Host-Proof Hosting, Explained

The first key thing to remember about host-proof hosting in regard to Blur is the fact that Abine, Inc. (that’s us) *never* stores any unencrypted versions of login and password data on our servers. When you use Blur to create a new username and password, that data is immediately encrypted on your end using AES-256 before it’s sent to our servers.

That’s worth repeating. Blur users’ sensitive data gets encrypted before it ever goes out over the Internet. Your private data stays local, with you.

The second key thing to remember here is the fact that your stored Blur data cannot be read (decrypted) without your “encryption key”. Your encryption key is your Blur Master Password that you create while registering for a Blur account. We never, ever, under any circumstance, store your encryption key on our servers.

That’s worth repeating too.  We can’t decrypt your data.  We don’t have the password.  Ever.

All that said, even if Abine did experience some sort of hack or data breach, sensitive account data that got into the hands of hackers or data thieves would be unreadable without access to the encryption keys of each of our customers (Blur Master Passwords). This means hackers would have to break into millions of safes, each with a different code. While anything is possible, they typically will go for easier targets.

Here’s an example of the process that occurs when you use Blur to store or access your login and password data:

  1. You create a new account for Amazon.com using Blur
  2. The username+password combo is encrypted using AES-256 on your computer/device
  3. The encrypted version of the data is then sent to Abine servers, and associated with your personal ‘data blob’
  4. You visit amazon.com, and tell Blur to auto-fill your login+password combo
  5. Blur searches our database for your encrypted data blob
  6. Using your encryption key, Blur delivers and auto-fills your unencrypted login and password combo into the Amazon.com login form

We don’t know your Blur Master Password, so don’t forget it!

Host-proof hosting makes it impossible for us to access the unencrypted data that you have stored in your Blur account. Because of this, if you forget your Blur Master Password, you’ll be unable to access your stored data without your Blur Backup Passphrase. You’ll be automatically given a completely random backup passphrase upon creating your Blur account.

If you ever forget your Blur Master Password, you can use your Backup Passphrase to retain your stored Blur data when completing a Master Password reset.

Remember, completing a Blur Master Password Reset without your Backup Passphrase will erase all of your stored logins, passwords, and other auto-fill data.

All in all, online security may be getting worse, not better, and there are always going to be hackers out there doing everything in their power to discover the latest security vulnerabilities. Because the ways in which companies collect and store your personal data are constantly changing, it’s imperative for the everyday internet user to stay ahead of the curve by using a secure password and account manager, like Blur.

Blur is the only password manager and digital wallet that protects your passwords, payments and privacy when you’re browsing online. Blur is built on a secure password manager foundation, with a variety of unique privacy tools like tracker blocking and identity masking combined into a single platform. And now you know how the Blur platform keeps you safe from a big data breach – by not storing your data in the first place. Like when you use Masked Emails, Masked Phones, and Masked Credit Cards, not giving the data out in the first place is the best security of all.

About Abine

Abine, Inc. is The Online Privacy Company. Abine was founded in 2009 by MIT engineers and financial experts. Abine, Inc. offers DeleteMe for removing personal information that’s been made public online, and Blur, the only password manager and digital wallet that protects passwords, payments and privacy. Abine’s solutions have been trusted by over 25 million people worldwide.



