Is Mega Safe?
Laura Martisiute
If you use or plan to use Mega, you need to know: Is Mega safe?
Below, we explain whether Mega is:
- Safe to use.
- Good for privacy.
We also look at some steps you can take to improve both your safety and privacy when using this online service.
What Is Mega?
Mega is a cloud storage and file hosting service offered by Mega Limited.
Mega offers a substantial amount of free storage space to users, typically around 20 GB upon signing up, with options to earn additional storage through various activities and promotions. For users needing more storage, Mega offers several paid plans with varying amounts of storage and additional features such as increased bandwidth and collaboration tools.
Users can share files and folders with others, control access permissions, and collaborate in real time.
Mega also supports secure communication through MegaChat, a secure instant messaging and video conferencing service integrated into the Mega platform.
Is Mega Safe?
Depends on who you ask.
According to Mega, one of its most significant security features is end-to-end encryption. Files are encrypted on the user’s device before being uploaded and remain encrypted until downloaded and decrypted by the user. This means that even Mega cannot access the contents of the files.
Users have control over their encryption keys, which are required to decrypt their data. This adds an extra layer of security, as only the user (or someone they share the key with) can access their files.
However, research published in 2022 disputed the claim that neither Mega nor someone with control over its infrastructure could access data stored on the service.
According to researchers from ETH Zurich University, Mega’s encryption has (or at least had) basic flaws that would allow someone with control of the platform to get users’ keys after they log in a number of times. This means the attacker could read stored files or upload harmful files that look genuine.
In response to this research, Mega rolled out an update and wrote a blog post about the research, which you can read here.
Stephen Hall, the executive chairman of Mega, said (as quoted in an Ars Technica article):
“For a short time, there was potential for an attacker to negate our commitment, in very limited circumstances and for a very few users, but that has now been fixed.”
That said, many internet users are still wary of using Mega without additional precautions (i.e., encrypting their data before they upload it to Mega).
Apart from encryption, Mega supports two-factor authentication, which provides an extra layer of security by requiring a second form of verification (such as a code sent to a user’s phone) in addition to a password.
If a problem comes up, Mega offers encrypted chat and video conferencing through its MegaChat feature, ensuring that communications remain private and secure.
Few companies manage to avoid breaches, and Mega is no exception. In December 2023, a data breach was detected on Mega.nz, exposing emails and other sensitive information to the intruder who broke through. Stephen Hall, the chairman of Mega, said the incident was likely caused by password reuse.
Hall said (as quoted in NZ Herald):
“We can’t verify how the credentials were obtained, but we can confirm that it was not from any breach of Mega’s systems, and that many users do use the same password over multiple sites, a number of which have been hacked.”
One controversy you’re bound to encounter when you Google Mega is that in 2015, Mega founder Kim Dotcom (who left the company that year) claimed that Mega was taken over by a Chinese investor accused of $129 million fraud. At the time, Mega issued a response to Dotcom’s accusations, which you can read here.
Is Mega safe, according to Reddit?
Mega is generally considered safe by users on Reddit.
Mega is known for its strong encryption practices. Data is encrypted on the client side before it reaches Mega servers, meaning Mega itself cannot access your files unless you share them.
However, while Mega advertises end-to-end encryption, some users express concerns about metadata that might still be accessible.
There have been instances where users reported issues such as hacked accounts, but these incidents are often linked to compromised credentials rather than flaws in Mega’s security infrastructure.
Users are advised to use strong, unique passwords, enable two-factor authentication for added security, and encrypt personal documents locally before uploading them to Mega.
Is Mega safe for privacy?
Depends on who you ask.
Mega says it has the “highest level of online security and privacy.”
It uses end-to-end encryption, meaning your data is encrypted on your device before it is uploaded to Mega’s servers. This ensures that only you have the decryption keys; not even Mega can access your files. Its privacy policy states that Mega does not have access to your files due to its encryption practices.
However, while the contents of your files are encrypted, Mega still collects some metadata, such as file sizes, timestamps, and IP addresses. This metadata can potentially be used to infer certain information about your usage patterns.
Terms of Service: Didn’t Read (ToS;DR), a project that rates internet services’ terms of service and privacy policies, gives Mega a “Grade C.” In contrast, both Dropbox and iCloud get a “Grade D.” Google Drive gets a “Grade E.”
Is Mega downloader safe?
Yes, Mega downloader is considered safe as long as you download it from the official Mega website or trusted app stores. This ensures that you are not downloading a compromised or malicious version of the software.
The safety of the files downloaded through Mega depends on the source of the files. If the files are from a trusted and verified source, they are generally safe.
However, always be cautious and scan the files with antivirus software after downloading them, especially if they are from unknown or untrusted sources.
Is Mega Private?
On its website, Mega touts itself as having the “highest level of online security and privacy” available. However, due to its past security and privacy controversies, it doesn’t have a reputation as being “private.”
Still, Mega follows the GDPR and extends to all users the benefit of the “strongest privacy and security law in the world,” regardless of where they live.
Users have individual control over what they share and with whom, minimizing the possibility that data will be accessed or seen by unauthorized users (whether within Mega or otherwise).
For free users, the only personal information needed to create an account is an email address, which Mega collects and stores. Paid users will have additional information collected, such as financial and tax information.
Mega’s privacy policy gets a “Grade C” from Terms of Service: Didn’t Read (ToS;DR), a project that rates internet services’ terms of service and privacy policies.
Among its concerns, ToS;DR notes that Mega uses third-party cookies for advertising purposes, may keep user data even after an erasure request is made (for business interests or legal obligations), may use web beacons and device fingerprinting, has many third parties involved in its operations, and may use your personal information for marketing purposes.
In comparison, both Dropbox and iCloud get a “Grade D.” Google Drive gets a “Grade E.”
How to Improve Your Safety and Privacy On Mega
For a safer and more private experience on Mega, follow these steps:
- Use strong, unique passwords. Create a strong, unique password for your Mega account. Avoid using easily guessable information like birthdays or common words. Consider using a password manager to generate and store complex passwords.
- Enable two-factor authentication (2FA). Activate 2FA to add an extra layer of security. This requires a second form of verification (such as a code sent to your phone) in addition to your password. You can enable 2FA in the security settings of your Mega account.
- Securely store your encryption keys. Back up your Mega recovery key and store it in a secure place. This key is crucial for account recovery if you forget your password. Consider printing the key and storing it in a safe or using a secure digital method such as a password manager.
- Encrypt files before uploading. For an extra layer of security, encrypt files on your device before uploading them to Mega. This ensures that even if someone gains access to your Mega account, they cannot read your files without the encryption key.
- Manage sharing permissions carefully. Be cautious when sharing files or folders. Only share links with trusted individuals. Use Mega’s sharing options to set permissions, such as read-only access or setting expiration dates for shared links.
- Regularly review account activity. Periodically check your account activity to ensure there are no unauthorized logins or unusual activities. Mega provides logs of recent activities, which can help you monitor any suspicious access.
- Regularly update your software. Ensure that your operating system, browser, and any Mega applications you use are up to date with the latest security patches and updates. Enable automatic updates where possible to keep your software secure.
- Consider using anonymous payment methods. If privacy is a significant concern, consider using anonymous payment methods for Mega’s premium plans, such as cryptocurrencies.
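One way to carry out the "encrypt files before uploading" step, shown as an added example that is not Mega's code and not part of the original article. It assumes the third-party Python `cryptography` package is installed; the file layout, the `LOCENC1` tag and all function names are made up for this illustration. Because it uses authenticated encryption, decryption fails if the stored copy is altered or replaced.

```python
import hashlib
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

MAGIC = b"LOCENC1"  # constructed format tag for this example, not a Mega format
SALT_LEN, NONCE_LEN = 16, 12
HDR_LEN = len(MAGIC) + SALT_LEN + NONCE_LEN


def _derive_key(passphrase: str, salt: bytes) -> bytes:
    # scrypt makes offline guessing of the passphrase expensive (about 32 MiB per guess).
    return hashlib.scrypt(passphrase.encode(), salt=salt, n=2**15, r=8, p=1,
                          maxmem=64 * 1024 * 1024, dklen=32)


def encrypt_bytes(plaintext: bytes, passphrase: str) -> bytes:
    # Fresh salt and nonce per file, so the same input never encrypts the same way twice.
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    header = MAGIC + salt + nonce
    # The header is passed as associated data, so editing it also breaks decryption.
    return header + AESGCM(_derive_key(passphrase, salt)).encrypt(nonce, plaintext, header)


def decrypt_bytes(blob: bytes, passphrase: str) -> bytes:
    header, body = blob[:HDR_LEN], blob[HDR_LEN:]
    if len(header) != HDR_LEN or not header.startswith(MAGIC):
        raise ValueError("not a file produced by encrypt_bytes")
    salt = header[len(MAGIC):len(MAGIC) + SALT_LEN]
    nonce = header[len(MAGIC) + SALT_LEN:]
    try:
        return AESGCM(_derive_key(passphrase, salt)).decrypt(nonce, body, header)
    except InvalidTag:
        # Either the passphrase is wrong or the stored copy was modified or swapped.
        raise ValueError("authentication failed: wrong passphrase or tampered file")


def encrypt_file(src: str, dst: str, passphrase: str) -> None:
    # Reads the whole file into memory; intended for documents, not huge archives.
    with open(src, "rb") as f:
        data = f.read()
    with open(dst, "wb") as f:
        f.write(encrypt_bytes(data, passphrase))


def decrypt_file(src: str, dst: str, passphrase: str) -> None:
    with open(src, "rb") as f:
        blob = f.read()
    with open(dst, "wb") as f:
        f.write(decrypt_bytes(blob, passphrase))
```

Upload only the file written by `encrypt_file`, and keep the passphrase in your password manager; without it the file cannot be recovered.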