New-Zealand based MEGA is a cloud service that was designed to be very secure while making cryptography acceptable to its users, i.e. not interfering with ease-of-use. Recently, however, MEGA suffered an attack whereby 773 million unique email addresses and almost 22 million unique passwords were exposed, which makes one wonder whether the focus on the well-being of the service customer isn’t making it too easy for the bad guys.
Slashdot reports that MEGA suffered an attack whereby 773 million unique email addresses and just under 22 million unique passwords were exposed. Some of the hacked passwords were dehashed, meaning they’re in the open, for everybody to read them. MEGA is fully accessible without prior software installs and says it’s the only cloud storage provider with browser-based high-performance end-to-end encryption. The company states that millions of business and personal users rely on MEGA to securely and reliably store and serve petabytes of data and that they believe the success is the result of MEGA’s low barrier to entry to a more secure cloud.
Troy Hunt, the man behind the Have I Been Pwned website says the troubles are almost always due to people using passwords that are too simple or reusing passwords they can easily remember. Hunt himself chose to use 1Password as a password manager so he can generate passwords without the need to memorise them. He says 1Password is also the only password manager that has partnered with Have I Been Pwned and integrated its Watchtower feature with the free HIBP lookup service.