Breach Breakdown: MEGA Extension Hack

What Happened:

On September 4, an unknown hacker uploaded a malicious version of the MEGA Chrome extension. MEGA is a cloud storage service. The attacker broke into MEGA’s Google Chrome Web Store account and uploaded the malicious version from there. The malicious version allowed the hacker to steal users’ credentials for popular websites like Amazon, Microsoft, and Google, as well as private keys for cryptocurrency wallets. The number of affected users has not been announced, but it could be tens of millions.


When installed or updated, the malicious extension asked for elevated permissions to access personal information. All the stolen information was sent back to a server located at megaopac.[host] in Ukraine.


The breach was first reported by a security researcher on Reddit and Twitter. Four hours after the breach occurred, the company updated the extension with a clean MEGA version, prompting an auto-update of all the affected installations. Google removed the MEGA extension from the Chrome Web Store five hours after the breach.


What To Do:

First, uninstall the malicious version 3.39.4 and update to version 3.39.5. Second, change the passwords for all your accounts, starting with the ones you may have used while the malicious extension was installed. For tips on passwords, check out this blog post.
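
To find out which version is actually installed, the check below reads the extension manifests inside a Chrome profile folder and flags any copy at 3.39.4. It is an added example, not code from MEGA or from this post. It assumes Chrome's usual on-disk layout (Extensions/<id>/<version>/manifest.json), and matching on the name "mega" is a heuristic chosen for this example.

```python
import json
from pathlib import Path

COMPROMISED = "3.39.4"  # malicious version named in the article
FIXED = "3.39.5"        # clean version named in the article

def display_name(manifest, ext_dir):
    """Resolve the extension name, following Chrome's __MSG_key__ localisation."""
    name = manifest.get("name", "")
    if name.startswith("__MSG_") and name.endswith("__"):
        key = name[6:-2].lower()  # message keys are case-insensitive
        locale = manifest.get("default_locale", "en")
        msgs_path = ext_dir / "_locales" / locale / "messages.json"
        try:
            msgs = json.loads(msgs_path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            return name  # no usable locale file: keep the placeholder
        for k, v in msgs.items():
            if k.lower() == key and isinstance(v, dict):
                return v.get("message", name)
    return name

def audit_profile(profile_dir, name_hint="mega"):
    """Return (extension_id, version, status) for installed copies matching name_hint."""
    findings = []
    for mf in sorted(Path(profile_dir).glob("Extensions/*/*/manifest.json")):
        try:
            manifest = json.loads(mf.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or corrupt manifest: skip it
        if name_hint not in display_name(manifest, mf.parent).lower():
            continue  # heuristic name match (assumption of this example)
        version = manifest.get("version", "")
        status = ("COMPROMISED" if version == COMPROMISED
                  else "fixed" if version == FIXED else "other")
        findings.append((mf.parent.parent.name, version, status))
    return findings

if __name__ == "__main__":
    import sys
    # Usage: python check_mega.py <path to a Chrome profile folder>
    for ext_id, version, status in audit_profile(sys.argv[1]):
        print(ext_id, version, status)
```

A "COMPROMISED" result means the profile still holds the malicious build, so the password changes above apply to every account used in that browser.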


If you’re still concerned about protecting your passwords, take a look at CyberArk Password Vault or contact us today to see how we can help you.
