Jul 10, 2018

Yesterday’s Compromise of our Google Chrome Developer Account

Hola Writer

Within a few hours, we determined that the target of the attack was MEW (MyEtherWallet.com) - the crypto wallet website, and the attack was programmed to inject a JavaScript tag in to the MEW site to "phish" information about MEW accounts that are logging in without being in 'incognito mode', by re-directing the MEW users to the hacker's website.

We notified MEW, notified Google, and ensured that the hacker's web site was down.

You may be affected by this breach if you have had the Hola extension installed while the rogue version was live AND the extension was turned on AND have logged in to your MyEtherWallet.com without being in incognito mode.

Steps We've Taken

Immediately upon learning about the incident, we set up a CyberSecurity response team to investigate the incident. We also took immediate emergency steps to immediately replace the extension, secure the developers account, and to monitor versions on a constant basis to ensure this does not recur.

We are now determining the scope of the compromise, and conducting an assessment on steps that can be taken to help prevent such an incident from occurring in the future. We will share the findings from this analysis with the ecosystem to help ensure a safer Internet environment.

What our users should do

If you are also using CryptoCurrency wallets, we recommend that you change passwords, and that you log in to those sites only in incognito mode, where code injection is not possible. We will also work with the Crypto eco system on standards that will help prevent similar events in this nascent market.

For now, there are no other actions that our users need to take as a result of this incident.

Going forward

We will work with MEW and others in the ecosystem on standards that will make Crypto wallets safer from these forms of attacks.

As always, your privacy and the security of your data are our highest priority. We continually assess our procedures and policies and seek new ways to improve our approach to security.

We set up a 24/7 security customer support team to assist customers who have concerns or questions about the incident. Hola users who have questions or concerns about this incident can contact our security customer support team at privacy@hola.org.

Go Beyond Your Location.
Access Worldwide Content.

Hola is the gateway to your favorite movies, shows, games and more, no matter where you live!

Well hello there!

We're in the process of giving our website a
new look, call it a makeover if you prefer :)

Rest assured, this will be updated soon too,
we're on it.