MEGA Cloud Storage Service

A collection of email addresses and plain text passwords from multiple sources were exposed on the MEGA cloud storage service. There is the potential misuse of the plain text passwords in which credential stuffing attacks may take place. According to OWASP, credential stuffing is the automated injection of breached username/password pairs in order to fraudulently gain access to user accounts.  These potential attacks reinforce the importance of utilizing unique/strong passwords, updating passwords, and avoiding password reuse across multiple accounts. The NJCCIC advises users to periodically change passwords; use strong, unique passwords for each account; and enable multi-factor authentication when possible. For more information, please review Troy Hunt’s blog post here. 

Data BreachNJCCIC