Hackers gained access to user data sharing MEGA
Attackers managed to replace the version of the extension in the official Google Chrome, and to access the registration data of users on many websites, including those of direct relevance to the cryptocurrency.According to the company, the risk is users who have downloaded the Google Chrome update 3.39.4, on which work of unknown craftsmen. “Charged” version of the extension appeared in the store on 4 September at 17:30 in Moscow and Kiev.
After the installation or upgrade program asked for expanded powers to read and change data on visited sites. The company says that the official MEGA extension has ever requested such powers.
In case of receiving such authority, application to collect user data from several websites, including amazon.com, live.com, github.com, google.com, myetherwallet.com, mymonero.com and idex.market. The received data is forwarded to the server located in Ukraine.
The breach in security was identified by the company after 4 hours and the infected version of the extension was replaced by the official, 3.39.5. After another hour of Google temporarily removed the extension from Google Chrome.
MEGA apologizes and stresses that the risk was subjected to only the users who have downloaded the plugin, installed it update in these four hours and have approved granting him extensive powers.
The data of the users logged on to the website of file sharing directly, without using the Chrome extension are not affected. The risk also did not affect users using the extension for other browsers or mobile apps. Degree caused by hackers of the damage becomes clear.
Popular file sharing MEGA – project of Kim Dotcom, formerly known as the owner of the other popular file-sharing service Megaupload.
The service encrypts all the content directly in the browser using the AES algorithm. Users can send each other files in encrypted form, wherein data stored in the cloud. Keys access files are not published in open access, users share them with each other directly.