Thousands of Mega logins dumped online, exposing user files

Zack Whittaker reports:

Thousands of credentials for accounts associated with New Zealand-based file storage service Mega have been published online, ZDNet has learned.

The text file contains over 15,500 usernames, passwords, and files names, indicating that each account had been improperly accessed and file names scraped.

Patrick Wardle, chief research officer and co-founder at Digita Security, found the text file in June after it had been uploaded to malware analysis site VirusTotal some months earlier by a user purportedly in Vietnam.


We sent the data to Troy Hunt, who runs data breach notification site Have I Been Pwned, to analyze. His analysis pointed to credential stuffing — where usernames and passwords are stolen from other sites and ran against other sites — rather than a direct breach of Mega’s systems. He said that 98 percent of the email addresses in the file had already been in a previous breach collected in his database.

Read more on ZDNet.

About the author: Dissent

Comments are closed.