Security News > 2022 > June > MEGA fixes critical flaws that allowed the decryption of user data
MEGA has released a security update to address a set of severe vulnerabilities that could have exposed user data, even if the data had been stored in encrypted form.
One of MEGA's advertised features is that data is end-to-end encrypted, with only the user having access to the decryption key.
MEGA is unaware of any compromised user accounts or data by exploiting the discovered flaws.
Decrypting MEGA. MEGA uses a system of user-controlled end-to-end encryption to protect user data even from internal access.
MEGA has fixed the two vulnerabilities that can lead to user data decryption on all clients, mitigated a third one, and plans to address the remaining two of the discovered issues in upcoming updates.
Despite the assurances by MEGA that no data was compromised, the research has effectively nullified MEGA's data confidentiality assurances that differentiated them from their competition for over a decade.