ZDNet has revealed that thousands of Mega logins are available online – and additionally to the email adresses and passwords a list of file names were exposed, too.
According to ZDNet a file containing some 15,500 usernames, passwords, and file names appeared online. The indicates that the account information (username & password) was not only collected and stored but also used to access the accounts in question and scape their contents.
The data apparently dates back from January this year until 2013 – the year when the company was founded – and it seems the account info is legit: Some of the users were contacted in order to verify and they confirmed that they indeed have an account with the files that were shown to them.
While it is most common that such data dumps are a result of a massive breach at the company in question, this is apparently not the case for Mega. Research indicates that the data was collected from other breaches – after all there are more than enough of those – and then run against other sites, including Mega. This of course only works if people use the same username and password for more than one account.
If you own a Mega account and are afraid that your account could be one of the 15,500 there is an easy way to check if this is really the case:
If you see the message “Your personal data has been compromised” chances are, that the Mega one was amongst them. According to ZDNet 98% of the email addresses in the file were already in databases like the one of the Identity Scanner and similar services.
Your password was in a recent (or not so recent) data breach? Then you should change it immediately by following the below security tips:
If you have trouble coming up with a good, strong, and complex enough password you can always use a good Password Manager to help you out.