Mega claims to have fixed seven vulnerabilities, none of which met its highest severity classification. The most severe flaw was an “invalid application of CBC-MAC as a secure hash to integrity-check active content loaded from the distributed static content cluster” Mega’s creators dismissed some of the issues as theoretical and asked for practical exploits. The company set up a vulnerability reward program similar to those run by companies such as Google, Facebook, Mozilla and PayPal. Two cryptographic cracking challenges have not been solved, prompting Mega’s founders to boast: “Whatever you think of its bombity””]