MangaDex is one of the most popular manga scanlation sites, with visitors able to read manga comics for free online.
Manga scanlation site MangaDex disclosed a data breach last week after discovering that the site’s user database had been transferred to threat attackers in a personal manner.
Manga Dex was hacked in March, and the perpetrators claimed to have taken the site’s source code and database, but that it was never published.
Following the site’s takedown in response to an attack, a threat actor identified as “holo-gfx” proceeded to curse the owner, saying it had backdoored the site with further vulnerabilities and a web shell.
MangaDex is now unavailable as developers work on a new version of the site using non-compliant source code.
Mangadex is a personal database that is traded.
MangaDex changed its website last week to show that the user database is distributed privately among threat actors and that member information is available to the public.
The username, email address, last known IP address, and bcrypt hash password of the member are among the information made public.
“At the time of writing (April 18, 2021, 2:00 p.m. UTC), clearly recognized The database truly leaks, as we had feared.
“This implies that your login, email address, IP address, and securely hashed password may be accessible to the public. If you haven’t already, I strongly advise you to do so. Changing credentials on sites that MangaDex may have access to I’m warning you, MangaDex.
Following a data breach, attackers commonly sell the downloaded database to other threat actors, who utilize the data in their own attacks, such as phishing and credential stuffing.
If the data isn’t producing cash, threat actors may often give it away for free on hacking forums in order to establish a reputation among the hacker community.
The MangaDex database is currently distributed privately and is not available to the general public.
Bleeping Computer, however, was able to locate a threat actor disseminating what it claims to be the MangaDex database from the March 2021 attack using KELA’s cybersecurity intelligence engine Dark Beast.
The data Xsplit live streaming software data was breached after studying this publicly available database. Not the MangaDex database, but the year 2013.
TroyHunt said that he believes the data is not publicly available at this time by submitting an authentic MangaDex database to HaveIBeenPwnedTold Bleeping Computer.