Hackers say they took Mega.nz source code and admin logins

A hacker group claims to have obtained source code and admin accounts for the file-sharing site Mega.nz, formerly owned by internet entrepreneur Kim Dotcom.

The hacker group, known as the Amn3s1a Team, told me by email that they had also obtained internal documents from the company's servers, by exploiting an escalation of privilege vulnerability.

In total, there were seven email addresses that are said to be associated with administrative Mega accounts, thought to be the highest-level of access at the service.

According to one of the hackers, the group "got into a few developer boxes and silently started our path from there".

ZDNet obtained a portion of what was allegedly taken: an 800MB archive of source code. Among the code are directories that appear to be relating to Megachat, its instant messenger service, the site's Chrome browser extension, and in one case, a private RSA key.

Asked about motive, the group said that using a tool "that's not completely open source has big disadvantages".

Mega.nz confirmed, but it downplayed the breach.

"One of our contractors working on independent systems to maintain the public material in our blog and the help center has been compromised," said Stephen Hall, chairman of Mega, in an email.

"This person did not have access to user data, neither does the person have access to critical source code and so the impact is very low," he added.

Hall confirmed that the system that was accessed has "been secured" and that user data wasn't compromised.

The hackers also said they took documents from a developer's machine, a claim that Hall denied.

One such document appeared to be an annual remuneration review for one employee (whose name we're not disclosing but was part of the list of admin accounts), which said that the employee would receive a 10 percent pay cut.

Hall confirmed the authenticity of the document but said that it was "personal to a contractor and wasn't obtained from any Mega system".

Founded in 2012, the site became a "piracy haven" for millions of users. The file-sharing site underwent a "hostile takeover" earlier this year, according to reports, and a majority of shares are now in part owned by the New Zealand government, where the company is based, Dotcom said.

Dotcom did not respond to a request for comment prior to publication, but he said in a tweet after this story broke: "If Mega.nz source code leaks I'd like to see a code review by security experts. Wouldn't be surprised if the new Mega owner sold you out."

The hacker group said that it has more to release, but it didn't say when.

"We aren't in a hurry," the group said.

THIS YEAR IN HACKS

MySpace hack puts another 427 million passwords up for sale

A hacker claims to be selling millions of Twitter accounts

One of the biggest hacks happened last year, but nobody noticed

171 million VK.com accounts stolen by hackers

Hacker puts 51 million file sharing accounts for sale on dark web

Ubuntu Forums hack exposes 2 million users

Oracle investigating data breach at Micros point-of-sale division

Epic's forums hacked again, with thousands of logins stolen

Millions of Steam game keys stolen after hacker breaches gaming site

Hackers stole 43 million Last.fm account details in 2012 breach

• MySpace hack puts another 427 million passwords up for sale
• A hacker claims to be selling millions of Twitter accounts
• One of the biggest hacks happened last year, but nobody noticed
• 171 million VK.com accounts stolen by hackers
• Hacker puts 51 million file sharing accounts for sale on dark web
• Ubuntu Forums hack exposes 2 million users
• Oracle investigating data breach at Micros point-of-sale division
• Epic's forums hacked again, with thousands of logins stolen
• Millions of Steam game keys stolen after hacker breaches gaming site
• Hackers stole 43 million Last.fm account details in 2012 breach