The company claims that unknown persons have stolen data that has already drained away earlier.
The data of several thousand users of the New Zealand cloud storage Mega were the victims of data leakage. This is written by the publication ZDNet.
According to the publication, security expert Digita Security Patrick Wardle (Patrik Wardle) found a text file, which contained more than 15.5 thousand e-mail addresses, passwords and user file lists. The earliest ones are dated 2013, when the service started.
Wardle came across a document in June 2018 on the VirusTotal website. A few months earlier, the user had uploaded it, presumably from Vietnam.
Some users have confirmed ZDNet the authenticity of email addresses, passwords and file names that were contained in the document. Five of the interviewees said that they used the same password for registration on other sites.
The owner of the site Have I Been Pwned Troy Hunt (Troy Hunt) suggested that Mega systems were not hacked, and data was stolen from third-party sites. He noted that 98% of e-mail addresses found in the file were already in the database Have I Been Pwned.
Representatives of Mega said that the list was compiled with the help of not hacking, but checking of stolen credentials. The leak affected the order of “a thousand percent of 115 million Mega users,” said service chairman Stephen Hall.
Who exactly is the author of the list and how he collected the data is unclear. Representatives of Mega promised to introduce two-factor authentication so that “even the company did not see what data is uploaded to the site”.