Yesterday's Compromise of our Google Chrome Developer Account
10-Jul-2018 16:30 GMT+3
Yesterday our deployment team discovered that the Hola Chrome extension which was live for a few hours was not the one that our development team uploaded to the Chrome Store. After initial investigation, we found that our Google Chrome Store account was compromised, and that a hacker uploaded a modified version of the extension to the store. We quickly replaced that version with the official version, secured the account, and set about to investigate what the malicious player was attempting to do with this hack.
Within a few hours, we determined that the target of the attack was MEW (MyEtherWallet.com) - the crypto wallet website, and the attack was programmed to inject a JavaScript tag in to the MEW site to "phish" information about MEW accounts that are logging in without being in 'incognito mode', by re-directing the MEW users to the hacker's website.
We notified MEW, notified Google, and ensured that the hacker's web site was down.
You may be affected by this breach if you have had the Hola extension installed while the rogue version was live AND the extension was turned on AND have logged in to your MyEtherWallet.com without being in incognito mode.
Steps We've Taken
Immediately upon learning about the incident, we set up a CyberSecurity response team to investigate the incident. We also took immediate emergency steps to immediately replace the extension, secure the developers account, and to monitor versions on a constant basis to ensure this does not recur.
We are now determining the scope of the compromise, and conducting an assessment on steps that can be taken to help prevent such an incident from occurring in the future. We will share the findings from this analysis with the ecosystem to help ensure a safer Internet environment.
What our users should do
If you are also using CryptoCurrency wallets, we recommend that you change passwords, and that you log in to those sites only in incognito mode, where code injection is not possible. We will also work with the Crypto eco system on standards that will help prevent similar events in this nascent market.
For now, there are no other actions that our users need to take as a result of this incident.
Going forward
We will work with MEW and others in the ecosystem on standards that will make Crypto wallets safer from these forms of attacks.
As always, your privacy and the security of your data are our highest priority. We continually assess our procedures and policies and seek new ways to improve our approach to security.
We set up a 24/7 security customer support team to assist customers who have concerns or questions about the incident. Hola users who have questions or concerns about this incident can contact our security customer support team at privacy@hola.org.
The Hola team