Cyber Incident Victim: MEGA

Date: Jun 2018

Location: Viet Nam

Summary

A cloud storage service experienced a significant data exposure when thousands of user credentials and file listings were leaked online, compromising email addresses, passwords, and stored file names. The breach stemmed from credential stuffing attacks, with analysis revealing that the vast majority of exposed credentials matched those from prior unrelated breaches. Some compromised accounts were found to contain illegal content, which was subsequently reported to law enforcement. In response to the incident, the company announced plans to implement two-factor authentication to enhance account security.

Description

In mid-2018, security researcher Patrick Wardle discovered a publicly accessible text file containing over 15,500 user credentials and associated file metadata from cloud storage service Mega.nz. The dataset, which Wardle provided to ZDNet for verification, included email addresses, passwords, and lists of file names stored in user accounts, with records dating back to 2013. Independent verification through contacted users confirmed the authenticity of the exposed credentials. Analysis by security expert Troy Hunt revealed that 87% of the compromised credentials matched previously breached username-password combinations from unrelated data breaches, indicating that attackers likely gained access through credential stuffing attacks rather than a direct breach of Mega's systems. The exposed information did not include actual file contents but revealed sensitive metadata about stored files, potentially allowing attackers to identify accounts containing valuable or compromising information for targeted attacks.

Mega chairman Stephen Hall publicly attributed the incident to credential stuffing, emphasizing there was no evidence of a vulnerability in Mega's infrastructure. During their investigation, Mega identified several compromised accounts containing child sexual abuse material, which they reported to relevant law enforcement agencies. The company announced plans to implement two-factor authentication as a security enhancement following the incident. The exposure lasted for an undetermined period before discovery, leaving affected users vulnerable to account takeover and potential exploitation of their stored file metadata. While the incident did not involve unauthorized access to file contents through Mega's platform, it highlighted risks associated with password reuse across multiple services.
