Hackers create a clone of the Mega.nz extension for Chrome
If you're using the Chrome extension for the Mega.nz service, you might have been hacked. The company has recently announced that it was hacked this Tuesday and the extension in question has been used to steal the users' credentials to other services. At the moment, we don't know exactly how many people have been affected by this breach, but if you had or still have the Chrome add-on installed, you might want to change your passwords as soon as possible.
Mega.nz is one of the biggest cloud-sharing services on the Internet. According to the company's statement, the attackers have replaced the 3.39.4 update for the Mega extension with a version infected by a Trojan. The preliminary information shows that the stolen data has been sent to a Ukrainian server, but the hackers' identities are still unknown. Currently, the compromised version has already been replaced with a clean edition through auto-update. However, if you had the add-on installed on Tuesday, September 4th, and you've accepted the extra permissions that the update from that day required, then your passwords are most likely to be compromised.
As far as I know, Mega.nz has more than 100 millions registered users, so it's pretty scary how easily the breach occurred. What's even worse is that even carefully reading the extra privileges required by the hacked version didn't help the regular users and they had absolutely no defense against this attack. Even if you know how to keep your browser safe from hackers, it's still impossible to safeguard yourself from perfectly safe extensions of trustworthy services.
