The mega.nz leaks have been a hot topic of late. While the data is not entirely malicious, it
has raised questions about security. For starters, it is possible that an attacker used a
credential stuffing attack to leak sensitive data. This kind of attack works by injecting stolen
username/password pairs into a user’s account. If this is the case, Mega should have put some
precautionary measures in place to protect its users’ data.
Over 15,500 usernames, passwords and file names exposed
Security researchers have discovered a text file that contains over fifteen thousand Mega user
credentials. The data is stored in a database that was uploaded to the VirusTotal service by a
user in Vietnam. According to the researchers, the data could be of use to threat actors
because it contains information about over 200 million people in China. The file was
discovered by Digita Security co-founder and chief research officer Patrick Wardle in June.
According to ZDNet, the Mega site didn’t use two-factor authentication to protect its users from
identity theft. With just usernames, passwords, and file names, an attacker could log into each
account and steal its contents. Despite Mega’s zero tolerance policy for child sexual abuse
materials, this data could be used by criminals. The Mega chairman Stephen Hall said that the
company is implementing two-factor authentication “soon” to prevent such attacks.
The security breach at Mega was a common issue in recent years. Last year, hackers
managed to obtain internal documents from Mega. They also obtained seven e-mail addresses
associated with the Mega’s administrative account. Despite this fact, Mega said that the data
was not user-sensitive and was not accessible to hackers. However, Mega continues to warn
users and is committed to addressing the issue.
Credential stuffing likely to blame
While credential stuffing may be an effective way to secure websites and prevent credential
theft, it still leaves companies vulnerable to attack. In some cases, companies are simply
ignoring warnings about security and may even cover up the breach. Then, the attackers can
reap the benefits of the breach. Credential stuffing can make customers suspect your
organization or a third party based on poor password security practices.
In order to collect personally identifiable information (PII), attackers usually target websites
that use the same passwords. Credential stuffing is the practice of reusing usernames and
passwords from one site to another. The stolen credentials can be used for phishing schemes,
DDoS attacks, and even identity theft. Personal details are typically used to register for other
websites and may be used for blackmail.
The New Statesman article has caused controversy because it blames Deliveroo for the
attacks. In fact, Deliveroo was not involved in the leaks. The writer of the article re-used a
password from another account. Moreover, the company did not suffer any breach as a result
of this. Thus, it is likely that Credential Stuffing is to blame for the Mega.nz leaks.
As with any attack, credential stuffing attacks require compromising a site before they can
exploit its login form. Credentials are commonly available on the dark web and if they have
been stolen or obtained through a breach, attackers can easily steal them. Using IP proxy
services, attackers can make the attacks look like normal network traffic. Defenders will flag if
millions of login requests are coming from a single IP address. Instead, IP proxy service
providers distribute login requests across a wide range of IP addresses to mask the activity.
Icedrive is a privacy-minded cloud service
If you’re looking for a secure cloud service, Mega is a good choice. It offers end-to-end
encryption, and is based in Auckland, New Zealand. However, the company’s source code is
available to the public, and any third-party can see it. While the company tries to address this
problem, it is not perfect. This is why many people prefer Icedrive.
MEGA has excellent customer support and 15GB of free storage, but it was involved in the
recent password dump and credential stuffing, and is not a good choice for many users.
Despite this, it is a privacy-minded cloud service, with end-to-end encryption. But it has also
been linked to leaks and breaches. Here’s why. If you use Mega, make sure to keep your data
encrypted.
Icedrive’s free storage plans
If you’re looking for a good alternative to Google Drive, we have the details on Icedrive in this
review. This UK-based startup offers free storage plans of up to 10GB and zero-knowledge
encryption for all users. Its service is very similar to Google Drive and is well worth
considering. If you’re on a budget, Icedrive’s free storage plan might be the best option.
There are several free storage plans from Icedrive available in the market today. One of them,
the Icedrive Lite Plan, offers 150GB of storage and 250GB of monthly bandwidth. This plan,
however, is not available on a monthly subscription and can only be purchased yearly.
Alternatively, you can choose the Pro Plan, which includes 1TB of storage and two terabytes of
monthly bandwidth. If you’re looking for a larger plan, you can go for the Pro+ plan, which
comes with 5TB of storage and an 8TB bandwidth cap.
However, we should note that Icedrive’s free storage plans are a bit similar to Icedrive’s
premium plans. They both offer free plans, but these do not include encryption, which is only
available for their premium users. There’s no way to tell if Icedrive will be the next big thing in
cloud storage – you don’t know how much competition there is yet. In any case, we’ll just have
to wait and see!
MegA’s GDPR compliance
MEGA.nz, a New Zealand-based provider of cloud storage and back-up services, has
announced the appointment of David McLaughlin as its new Compliance Manager. As the
company’s GDPR compliance requirements increase, David will oversee ongoing efforts to
ensure compliance with the new laws. A lawyer by profession, David has specialised in IT,
digital media and entertainment law. He is a solicitor and barrister in the High Court of New
Zealand and established his own practice in 2006.
Besides the website’s GDPR compliance, MEGA maintains an anonymous user account. MEGA
anonymizes user data after twelve months, although it keeps records of financial transactions
for longer periods. In addition, MEGA retains all chat and contact details of other MEGA users.
Users can rest assured that their information is safe and secure. Even if they share personal
details with other MEGA users, the information is encrypted and only MEGA has access to it if
they’re required by law.
MEGA’s servers are located in various EU countries. GDPR protects personal data and
extends these protections to users around the world. Despite the recent controversy, MEGA
remains a safe service with its privacy policies and security measures. So, how can Mega.nz
meet GDPR compliance? In a nutshell, it provides end-to-end encrypted cloud storage
services that are accessible in more than 180 countries. MEGA is available for Windows,
macOS, Linux, Android, and iOS devices. Because of its GDPR compliance, MEGA files are
stored in facilities that meet strict GDPR standards. It does not store user information in the
United States.
Icedrive’s customer service
You’ve probably heard about Mega.nz leaks, but have you heard of Icedrive? This new
provider offers highly secure cloud storage, but does it live up to its claims? If so, read on to
find out. We tested Icedrive’s free plan, which allows you to store up to 20GB of files. It offers
three different paid plans, all of which have different price tags.
The free plan is a nice addition to Mega, but there are some things to consider. Icedrive uses
zero-knowledge encryption, and is GDPR compliant. While the service is cheap, there are
fewer advanced features than larger cloud providers. You can upload up to 10TB of files to
Icedrive, and it offers an encrypted 15 GB folder for free. However, you may not be able to use
2FA or other security features for your account.
Like Google Drive, Icedrive offers a document viewer, which allows you to present the cloud as
a productivity app. You can showcase and share your files with others, and Icedrive has a
built-in media player to stream media. Icedrive has a great customer service team, and they’re
responsive to queries and questions. And if you do find a leak or have a problem, they’ll
respond quickly.
