Filtering thousands of Mega logins and a list of users' files
Just a few hours ago, one of the biggest data leaks that affects the users of the popular Mega storage platform has become known. As has been seen, there is currently a large database with thousands of users and passwords on this well-known file storage platform where the most important thing is "security" and "privacy". This filtered database consists of more than 15,500 logins, and, in addition, is associated with all the files of each account, so, given the security measures of this server, hackers have had to manually enter each one of the accounts to be able to know the names of all the files.
Probably the database was formed from data thefts to other platforms, not a vulnerability in Mega
This database has been detected thanks to a user uploading this database to VirusTotal, probably because he had just purchased it from Deep Web and wanted to make sure it was free of malware. The security experts who analyzed this database were able to verify that it corresponded to the Mega accounts after contacting several of the victims and after they confirmed that, indeed, it was their own accounts.
After analyzing the database it was possible to demonstrate that 98% of the entries (users and passwords) coincide with other thefts of data prior to other platforms. Therefore, although it has not yet been confirmed, it is more likely that the weakness is due to the classic reuse of passwords (may have been achieved from thefts of data to Adobe, LinkedIn or Badoo, for example) rather than by a own failure in the Mega servers.
What can we do if our Mega account has been compromised?
As we told you last week, Mega started sending a series of emails warning of suspicious connections on his platform. Indeed, these connections were not a false positive, but someone was entering the accounts from strange locations.
To check if our account has been compromised, we explain how we can check Mega's connection history to see where and when they have entered our account. In case of unauthorized connections, the first thing we must do is finish them all as we explained in the previous article and, in addition, change the account password as soon as possible so that nobody can re-enter it.
For the moment since Mega have not made statements about this incident, so it is not known if indeed the credentials come from other websites or the servers of the storage platform have been exposed. It is also not known if the hackers have only entered the accounts to download the list of files or, otherwise, they have also downloaded a copy of the files of the users.
What is certain is that it is a shame that Mega does not have a double authentication system to avoid this type of incident. And he does not intend to add it in the short term either.