Thousands of account credentials associated with the popular file storage service Mega have been published online,
The former NSA hacker Patrick Wardle, co-founder at Digita Security, discovered in June a text file containing over 15,500 usernames, passwords, and files names.
The presence of the files suggests that the threat actors that collected them also accessed to each account and listed its content.
Wardle discovered the file after it was uploaded to the VirusTotal service some months earlier by a user purportedly in Vietnam.
Wardle passed the data to ZDNet that verified the huge trove of data belongs to the Mega service.
ZDNet contacted many users that confirmed the authenticity of the content of the file.
The data appears to date back to 2013, when Kim Dotcom launched the service.
ZDNet asked the popular expert Troy Hunt, who runs the data breach notification site Have I Been Pwned, to analyze the files.
Hunt believes the hackers collected the credentials from other data breaches (credential stuffing).
98 percent of the addresses in the file had already been included in a previous data breach and listed in the Hunt’ service.
“Some 87 percent of the accounts in the Mega file were found in a massive collection of 2,844 data breaches that he uploaded to the service in February, said Hunt.” read the post published by ZDNet.
“Of those we contacted, five said that they had used the same password on different sites.”
Mega chairman Stephen Hall also confirmed the file is the result of credential stuffing.
Experts noticed the Mega service doesn’t implement two-factor authentication -making it easy for attackers to access an account once it will obtain the credentials from other breaches.
Mega logs the IP address of each user who accesses to an account and some users confirmed to have noticed suspicious logins accessing their account from countries in Eastern Europe, Russia, and South America since the file was uploaded.