We notified MEW, notified Google, and ensured that the hacker's web site was down.
You may be affected by this breach if you have had the Hola extension installed while the rogue version was live AND the extension was turned on AND have logged in to your MyEtherWallet.com without being in incognito mode.
Immediately upon learning about the incident, we set up a CyberSecurity response team to investigate the incident. We also took immediate emergency steps to immediately replace the extension, secure the developers account, and to monitor versions on a constant basis to ensure this does not recur.
We are now determining the scope of the compromise, and conducting an assessment on steps that can be taken to help prevent such an incident from occurring in the future. We will share the findings from this analysis with the ecosystem to help ensure a safer Internet environment.
If you are also using CryptoCurrency wallets, we recommend that you change passwords, and that you log in to those sites only in incognito mode, where code injection is not possible. We will also work with the Crypto eco system on standards that will help prevent similar events in this nascent market.
For now, there are no other actions that our users need to take as a result of this incident.
We will work with MEW and others in the ecosystem on standards that will make Crypto wallets safer from these forms of attacks.
As always, your privacy and the security of your data are our highest priority. We continually assess our procedures and policies and seek new ways to improve our approach to security.
We set up a 24/7 security customer support team to assist customers who have concerns or questions about the incident. Hola users who have questions or concerns about this incident can contact our security customer support team at firstname.lastname@example.org.