Mega is a popular cloud storage service – with over 250million users.
A minimum requirement for any cloud storage service is that the data at rest in their data centres must be encrypted. It seems that Mega’s is not, even though their own publicity states your data will be safely encrypted. Researchers at ETH Zurich have shown that there are a range of cryptographic flaws in the system that can be exploited – and five proof of concept attacks have been demonstrated, stealing decryption keys.
Mega says it can’t decrypt your files. New POC exploit shows otherwise | Ars Technica
The research was first shown to Mega – who put a patch in place before the research was published. However this is only a patch to prevent the exploits, the encryption is still flawed.