A group of hackers calling themselves the "Amn3s1a Team" have succeeded in hacking parts of file sharing site Mega.nz, taking documents and application source code from a computer system.

The hackers also posted login credentials for Mega staff to an internet paste site. They are marked as providing administrator access, which gives the logged in person rights to add, change and delete data.

One of the administrator accounts belong to Mathias Ortmann, who coded Mega with Bram van der Kolk after it was founded by Kim Dotcom in 2013, while they and Finn Batato fought extradition to the United States over alleged copyright infringement when the four ran file sharing site Megaupload.

Dotcom is no longer involved with Mega and took to Twitter to criticise the file sharing site for poor security.


Ortmann, who is no longer employed by Mega or a contractor for the company, provided the New Zealand Herald with an analysis of the hack.

He explained that while the compromise is serious, it was limited in scope.

What appears to have happened is that a personal laptop belonging to a contractor was compromised through an unknown attack vector with all the data on the computer being copied, Ortmann said.

The compromise took place about a week ago, Ortmann said.

However, the hack was limited to the peripheral mega.nz content management system for the site's help centre, blog and the MEGAsync featrure for Linux links, Ortmann added.

The localisation platform used by Mega's team of translators was also compromised, as the contractor managed all those site features.

"At no time did the contractor have access to any sensitive systems, source code or material," Ortmann said.

"The CMS login credentials are of no use anywhere else," he said.


User data is encrypted before it is sent to and stored on Mega, and could not have been breached.

"There is no reason for users to be concerned about their passwords or their stored data," Ortmann said.

The worst that the attackers could have done is to deface the Mega blog and help pages, Ortmann added.

Source code for the server-side components of the CMS would have been obtained by the hackers, Ortmann said, as well as Mega's open-source client-side applications.

Ortmann said that the Mega admin team has set up a fresh CMS cluster from scratch to eliminate any possible "rootkits" (hidden malicious and persistent software) planted by the attackers.

Stephen Hall, the chairman of Mega Ltd, also denied in a statement that the file locker had been hacked.

Hall's login credentials were also posted to the internet. Despite this, Hall said "the hacker has not accessed sensitive company data or passwords".

The contractor did not have access to user data, or critical source code, Hall said. He maintained that none of the other users to the system had been compromised.

Hall did not respond to requests from the Herald for comment on the alleged hack.