Mega Sync storing passwords and other private info, Mistake or Mischievous intent?

Noah Wilson
Sep 5, 2018 · 1 min read

September 4th, 2018

Looking through the code of the now removed extension Mega Sync, you can find some key parts of code that seems at the very least suspicious.

Mega Sync, storing passwords to a file received from making a post request on your browser.

Later the twitter user by the name of @serhack_

Discovered that Mega Sync chrome extension was not only storing passwords but was also storing private keys for cryptocurrencies such as Moreno. This user also discovered that all the data was being sent to https://www.megaopac.host I would highly suggest not visiting that site. As of now at 6:16 pm PST September 4th, 2018. Google has removed Mega Sync from the chrome store and Mega nor their founder Kim Dotcom has made any comment. All that is left now is to discover was this a mistake or some kind of hack or was this a purposeful intrusion of our security by Mega Limited and Kim Dot Com. Until they respond we can only assume the worst and hope for the best.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade