Hackers say they took Mega.nz source code and admin logins

Discussion in 'Internet for Musician' started by floond, Nov 18, 2016.

  1. floond

    floond Platinum Record

    Joined:
    Feb 25, 2013
    Messages:
    351
    Likes Received:
    156
    A hacker group claims to have obtained source code and admin accounts for the file-sharing site Mega.nz, formerly owned by internet entrepreneur Kim Dotcom.


    [​IMG]
    (Image: file photo)

    The hacker group, known as the Amn3s1a Team, told me by email that they had also obtained internal documents from the company's servers, by exploiting an escalation of privilege vulnerability.

    In total, there were seven email addresses that are said to be associated with administrative Mega accounts, thought to be the highest-level of access at the service.

    According to one of the hackers, the group "got into a few developer boxes and silently started our path from there."

    ZDNet obtained a portion of what was allegedly taken, an 800-megabyte archive of source code. Among the code are directories that appear to be relating to Megachat, its instant messenger service, the site's Chrome browser extension, and in one case, a private RSA key.

    Asked about motive, the group said that using a tool "that's not completely open source has big disadvantages."

    Mega.nz confirmed, but downplayed the breach.

    "One of our contractors working on independent systems to maintain the public material in our blog and the help center has been compromised," said Stephen Hall, chairman of Mega, in an email.

    "This person did not have access to user data, neither does the person have access to critical source code and so the impact is very low," he added.

    Hall confirmed that the system that was accessed has "been secured" and that user data wasn't compromised.

    The hackers also said they took documents from a developer's machine, a claim that Hall denied.

    One such document appeared to be an annual remuneration review for one employee (whose name we're not disclosing but was part of the list of admin accounts), which said that the employee would receive a 10 percent pay cut.

    Hall confirmed the authenticity of the document but said that it was "personal to a contractor and wasn't obtained from any Mega system."

    Founded in 2012, the site became a "piracy haven" for millions of users. The file sharing site underwent a "hostile takeover" earlier this year, according to reports, and a majority of shares are now in part owned by the New Zealand government, where the company is based, Dotcom said.

    Dotcom did not respond to a request for comment prior to publication, but said in a tweetafter this story broke: "If Mega.nz source code leaks I'd like to see a code review by security experts. Wouldn't be surprised if the new Mega owner sold you out."

    The hacker group said that it has more to release, but didn't say when.

    "We aren't in a hurry," the group said.


    SOURCE : http://www.zdnet.com/article/hackers-say-they-took-mega-nz-admin-accounts-documents-source-code/
     
    • Interesting Interesting x 1
    • List
  2.  
  3. BumBcL0t

    BumBcL0t Producer

    Joined:
    Oct 14, 2014
    Messages:
    125
    Likes Received:
    94
    I find it incredible the amount of hacking 'teams' that are doing this kinda stuff nowadays - and lots of them just getting away with it. With groups like Lizard Squad a while back and 'Our Mine' that consist mainly of teens, hacking and DDOS'ing, mainly being a nuisnce for legitimate users...

    Just today a huge mobile network in the UK 'Three' was hacked, with MILLIONS of customers personal data at risk. All gained through access stolen from one employee account.

    I don't know whether I blame these companies for having such lackluster security or these kids that must be bored to death and have nothing better to do...
     
    • Like Like x 1
    • Agree Agree x 1
    • List
  4. realitybytez

    realitybytez Audiosexual

    Joined:
    May 29, 2013
    Messages:
    1,451
    Likes Received:
    633
    i blame trump.
     
    • Funny Funny x 3
    • Winner Winner x 2
    • List
  5. celtic3342

    celtic3342 Audiosexual

    Joined:
    Oct 15, 2014
    Messages:
    1,782
    Likes Received:
    1,251
    What I can´t see is the need or the utility to do that... are they bored? No system is 100% secure and all companies in the world know.
     
  6. tzzsmk

    tzzsmk Audiosexual

    Joined:
    Sep 13, 2016
    Messages:
    3,622
    Likes Received:
    2,224
    Location:
    Heart of Europe
    "What I can´t see is the need or the utility to do that... are they bored? No system is 100% secure and all companies in the world know."
    I can only guess it's a matter of prestige and practicing skills, being able to effectively find a weakspot is very powerful weapon
     
Loading...
Loading...