A hacker group claims to have obtained source code and admin accounts for the file-sharing site Mega.nz, formerly owned by internet entrepreneur Kim Dotcom.



(Image: file photo)

The hacker group, known as the Amn3s1a Team, told me by email that they had also obtained internal documents from the company's servers, by exploiting an escalation of privilege vulnerability.

In total, there were seven email addresses that are said to be associated with administrative Mega accounts, thought to be the highest-level of access at the service.

According to one of the hackers, the group "got into a few developer boxes and silently started our path from there."

ZDNet obtained a portion of what was allegedly taken, an 800-megabyte archive of source code. Among the code are directories that appear to be relating to Megachat, its instant messenger service, the site's Chrome browser extension, and in one case, a private RSA key.

Asked about motive, the group said that using a tool "that's not completely open source has big disadvantages."

Mega.nz confirmed, but downplayed the breach.

"One of our contractors working on independent systems to maintain the public material in our blog and the help center has been compromised," said Stephen Hall, chairman of Mega, in an email.

"This person did not have access to user data, neither does the person have access to critical source code and so the impact is very low," he added.

Hall confirmed that the system that was accessed has "been secured" and that user data wasn't compromised.

The hackers also said they took documents from a developer's machine, a claim that Hall denied.

One such document appeared to be an annual remuneration review for one employee (whose name we're not disclosing but was part of the list of admin accounts), which said that the employee would receive a 10 percent pay cut.

Hall confirmed the authenticity of the document but said that it was "personal to a contractor and wasn't obtained from any Mega system."

Founded in 2012, the site became a "piracy haven" for millions of users. The file sharing site underwent a "hostile takeover" earlier this year, according to reports, and a majority of shares are now in part owned by the New Zealand government, where the company is based, Dotcom said.

Dotcom did not respond to a request for comment prior to publication, but said in a tweetafter this story broke: "If Mega.nz source code leaks I'd like to see a code review by security experts. Wouldn't be surprised if the new Mega owner sold you out."

The hacker group said that it has more to release, but didn't say when.

"We aren't in a hurry," the group said.


SOURCE : http://www.zdnet.com/article/hackers-say-they-took-mega-nz-admin-accounts-documents-source-code/

 

I find it incredible the amount of hacking 'teams' that are doing this kinda stuff nowadays - and lots of them just getting away with it. With groups like Lizard Squad a while back and 'Our Mine' that consist mainly of teens, hacking and DDOS'ing, mainly being a nuisnce for legitimate users...

Just today a huge mobile network in the UK 'Three' was hacked, with MILLIONS of customers personal data at risk. All gained through access stolen from one employee account.

I don't know whether I blame these companies for having such lackluster security or these kids that must be bored to death and have nothing better to do...

 

i blame trump.

 

What I can´t see is the need or the utility to do that... are they bored? No system is 100% secure and all companies in the world know.

 

"What I can´t see is the need or the utility to do that... are they bored? No system is 100% secure and all companies in the world know."
I can only guess it's a matter of prestige and practicing skills, being able to effectively find a weakspot is very powerful weapon