Storage is something a lot of people cannot get enough from so it should not come as a big surprise that filehosters, such as Mega, are in high command.
Now ZDNet has revealed that thousands of Mega logins are available online – and additionally to the email adresses and passwords a list of file names were exposed, too.
What happened?
According to ZDNet a file containing some 15,500 usernames, passwords, and file names appeared online. The indicates that the account information (username & password) was not only collected and stored but also used to access the accounts in question and scape their contents.
The data apparently dates back from January this year until 2013 – the year when the company was founded – and it seems the account info is legit: Some of the users were contacted in order to verify and they confirmed that they indeed have an account with the files that were shown to them.
Mega probably not the data source
While it is most common that such data dumps are a result of a massive breach at the company in question, this is apparently not the case for Mega. Research indicates that the data was collected from other breaches – after all there are more than enough of those – and then run against other sites, including Mega. This of course only works if people use the same username and password for more than one account.
Was my account in the mix?
If you own a Mega account and are afraid that your account could be one of the 15,500 there is an easy way to check if this is really the case:
- Visit the Identity Scanner page
- Enter your email-address
- Confirm you’re a real human be checking the check box and click on “Scan now for evidence of identity theft”
If you see the message “Your personal data has been compromised” chances are, that the Mega one was amongst them. According to ZDNet 98% of the email addresses in the file were already in databases like the one of the Identity Scanner and similar services.
Change your passwords – NOW!
Your password was in a recent (or not so recent) data breach? Then you should change it immediately by following the below security tips:
- Use a unique password for each of your accounts. When a website gets hacked one of the first things bad guys do is checking out if your username/email address/password combination works on other (high-profile) pages.
- Your password should consist of at least twelve characters – the more the better. It should include upper- and lower-cases, numbers, and special characters.
- Try and create passwords that can’t be found in a dictionary. Hackers nowadays have programs that cycle through dictionaries to check if they can access your account.
- Don’t use character strings like 12345, abcde, qweertyui, etc.
- Use passwords that can’t be associated with you: Your dog’s name, birthday dates of family members or yourself or your favorite sport are a not a good idea.
- Change your password regularly – especially when it comes to your email and online banking/online payment accounts.
- Don’t write down your passwords and never evershare them.
If you have trouble coming up with a good, strong, and complex enough password you can always use a good Password Manager to help you out.