On Sep 4, 2018, a group claims they managed to hack the MEGA Chrome Extension. And were then able to recover information from the user database.
The breach was accomplished by accessing MEGA’s, Chrome Store Profile. After which the group also claims that it was then able to uploaded a hacked version of the extension, (reported as ver 3.39.4.) As it seems to come from google’s store, users would go ahead and install it. Approving all install queries asked. After the install,the hackers could then steal users assets by accessing their login credentials and private keys.
The hack was first reported by a security researcher via twitter. He noticed that the tool could potentially steal user credentials from various online platforms, such as Google, Microsoft and even Amazon.