When the cloud-storage service Mega was launched in January 2013, it branded itself “the privacy company.”
The company’s main focus is to keep the files and other information of its users secure. However, this couldn’t prevent its own systems from being compromised.
This week Mega was compromised by outsiders who gained access to part of the company’s infrastructure. According to the hackers, they have access to roughly two gigabytes of data, some of which they released in public.
“We have been digging into some Mega developers account and started to escalate into their systems. We plan to release all the proprietary source code for public analysis,” the hackers informed TorrentFreak.
“This is around 2 GB of source code, including the Mega Chat source code and other services.”
TorrentFreak reached out to Mega Chairman Stephen Hall, who confirmed the breach.
However, the company denies that any critical data has been compromised. Hall says that the affected systems were quickly patched and notes that the hackers did not gain access to user data.
“One of our contractors working on independent systems to maintain the public material on our blog and the help center has been compromised,” Hall told TF.
“This person did not have access to user data, neither does the person have access to critical source code and so the impact is very low.”
Mega’s chairman is confident that the user data is safe and notes that all files that are uploaded to the site are encrypted before they reach their servers.
The hackers, however, suggest that they do have some user data in hand. They might release partial user data in the future, they say, but don’t plan to release any on short notice.
The hackers will make some source code available and have already released some data. In addition, they published admin login details in a Pastebin post. According to Mega, this is related to an older system that delivers blog posts, help center content, and translations.
Time will reveal the true scope and severity of the hack, and if it will affect Mega’s system or users.
Update: Mega released a seperate press statement here.
The service says it wasn’t “hacked” but in a follow-up Stephen Hall confirms that some of their data was compromised by the hackers. “Mega’s separate blog/help centre system was accessed illegally.”