He explained that while the compromise is serious, it was limited in scope.
What appears to have happened is that a personal laptop belonging to a contractor was compromised through an unknown attack vector with all the data on the computer being copied, Ortmann said.
The compromise took place about a week ago, Ortmann said.
However, the hack was limited to the peripheral mega.nz content management system for the site's help centre, blog and the MEGAsync featrure for Linux links, Ortmann added.
The localisation platform used by Mega's team of translators was also compromised, as the contractor managed all those site features.
"At no time did the contractor have access to any sensitive systems, source code or material," Ortmann said.
"The CMS login credentials are of no use anywhere else," he said.
User data is encrypted before it is sent to and stored on Mega, and could not have been breached.
"There is no reason for users to be concerned about their passwords or their stored data," Ortmann said.
The worst that the attackers could have done is to deface the Mega blog and help pages, Ortmann added.
Source code for the server-side components of the CMS would have been obtained by the hackers, Ortmann said, as well as Mega's open-source client-side applications.
Ortmann said that the Mega admin team has set up a fresh CMS cluster from scratch to eliminate any possible "rootkits" (hidden malicious and persistent software) planted by the attackers.
Stephen Hall, the chairman of Mega Ltd, also denied in a statement that the file locker had been hacked.
Hall's login credentials were also posted to the internet. Despite this, Hall said "the hacker has not accessed sensitive company data or passwords".
The contractor did not have access to user data, or critical source code, Hall said. He maintained that none of the other users to the system had been compromised.
Hall did not respond to requests from the Herald for comment on the alleged hack.
