The Chrome extension for Mega.nz, a cloud storage service, was briefly hacked on Tuesday in an effort to steal login credentials for Amazon, Google, and Microsoft accounts.
At about 4:30 a.m. EST, an unknown attacker uploaded the
An Italian security researcher who goes by the name SerHack was among the first to notice the attack, which was later confirmed by Mega.nz. Other targeted login pages include Github and two cryptocurrency services, MyEtherWallet.com and MyMonero.com.
!!! WARNING !!!!!!! PLEASE PAY ATTENTION!!
LATEST VERSION OF MEGA CHROME EXTENSION WAS HACKED.
Version: 3.39.4
It catches your username and password from Amazon, GitHub, Google, Microsoft portals!! It could catch #mega #extension #hacked@x0rz pic.twitter.com/TnPalqj1cz — SerHack (@serhack_) September 4, 2018
"You are only affected if you had the MEGA Chrome extension installed at the time of the incident,
Affected users should immediately change their passwords to their online accounts. Mega.nz is warning that the
Four hours after the breach occurred, Mega.nz uploaded a clean version (3.39.5) of the Chrome extension, which should have auto-updated affected installations. Google also pulled down the extension from its web store. But for now, it isn't clear how the hacker hijacked Mega.nz's official account to upload the
The cloud storage service is the successor to Megaupload, which was shut down in 2012 over piracy. The service was then revived as
The incident highlights a security danger with third-party Chrome extensions. If you have any unused extension installed on your Chrome browser, it's a good idea to remove them. The
"I think people have a fundamental misunderstanding of how much control extensions have," tweeted security researcher Troy Hunt. "Yes, that includes those that you think are keeping you safe: if it goes rogue, that's it, everything you do in the browser is now compromised."
The Italian security researcher SerHack has published a report, detailing the attack.