Accounts compromised via phishing sites.

Not open for further replies.
Sep 2, 2019
How bored must someone be to put in that much effort to get credentials to a manga site? There’s absolutely nothing to gain. No credit card info so no profit. 🤦‍♂️
May 29, 2012

Your posts are really hard to read.

I was not talking about the announcement of 2FA - just the fact that I made a point of mentioning it in the first post of this announcement - so you either glossed over it, or didn't read it properly. And that was exactly my point - people can miss things that are blindingly obvious.

For example, the fake site domains where they happily enter their info. Which we know happens all too often, cos people actually come on to Discord and ask us why they can't log in, and then link the fake site 😓

Let's just be thankful it's only a manga site's info and not a more important site's info (which hopefully no one used same password for)!
May 29, 2012

The point is probably to get the passwords of people who use the same passwords on more important sites. Sites which they CAN exploit once they have that info.

Once they have that info, they can do a lot of stuff if they compromise the right stuff.
- Link shit to friends and family via Twitter, Facebook, etc and get them to click on the links since they will assume it is safe coming from YOU. Potentially downloading malware such as ransomeware to make $$$.
- If they get your email they can scan your email for other passwords, sites, info, payment info, etc
- Many other things I'm not devious enough to think of, but that they can and will do!

And it all starts off with "just" a manga site, or "just" a whatever site.

Prime examples of why you should never use the same password across sites.
Active member
Sep 26, 2019
I also got a friend request from that account. Thank goodness I'm a cautious person by nature so I immediately rejected it. I see no need to interact with anyone outside the comments section of the series I'm following.
Aug 8, 2018
Admins of Mangadex,

Have you considered maybe reporting these series of phishings to haveibeenpwned? Contact Troy Hunt(owner of HIBP) if you want to report the phishing attacks on mangadex users.

Basically, HIBP(HaveIBeenPwned) is a collection of all the major data breaches that have happened on the Internet. I think phishing might count as a data breach, but I'm not sure.
Also haveibeenpwned links below are not phishing links.

If you are paranoid(which I don't blame you), search for haveibeenpwned in wikipedia and click the official link there to access haveibeenpwned.

Also, to those who have been affected by the phishing attacks, I recommended checking
to see if your e-mail addresses have been breached(and in which data breaches they were breached in), as well as your passwords.

No need to worry about getting breached at haveibeenpwned just by typing your e-mail address and password into haveibeenpwned, as long as you're 1) visiting the real site, 2) enter an old password that has already been breached 3) don't reuse any breached passwords.


FAQ here:

By the way, HIBP indexes past breaches; they didn't have your password or e-mail address before a breach happened, so checking your e-mail address and passwords against their databases doesn't compromise your data.

If you want HIBP(haveibeenpwned) to delete your e-mail address from their databases(remove it from being publicly searchable there):

Q: How do I know the site isn't just harvesting searched email addresses? |
A: You don't, but it's not. The site is simply intended to be a free service for people to assess risk in relation to their account being caught up in a breach. As with any website, if you're concerned about the intent or security, don't use it.
- From one section of the HIBP FAQ
May 2, 2019
Wow. I received 2 friend requests and automatically blocked them coz they seemed suspicious with their profile picture and the link on their description. I tried to ask in discord if there's a report button for profiles too just because of this lol.
Active member
May 28, 2018
dang.. when the one who add "friend" is not a friend,
but a friend without R letter on it,
Active member
Aug 8, 2018
@Ixlone - I'm not quite sure why my posts were hard to read, but I apologize if they somehow caused confusion.
I agree with most of what you said, too. I suppose I didn't really make that clear, though. My responses weren't necessarily to dispute what you said, but to further elucidate on the reasoning of my first post.
Even my initial reason for coming in here wasn't because I was concerned about being potentiality compromised, it was more to investigate the cause when I noticed random users sending me friend requests, and noticing they had been banned. Once I read the cause of compromised accounts being elicit sites my curiosity was satiated, and I didn't feel the need to read further. So I just made an offhanded comment about it all. As I said before, it wasn't too condemn or excoriate anyone.
The overall point that I've been trying to make here, perhaps poorly, isn't that people shouldn't make mistakes, but that they should have safeguards, protections, and precautions in place for when they do; as well as the due diligence to be reasonably educated and aware about such things. Maybe it's easier for people who don't have to "hunt and peck" when typing, but as far as I'm aware, I always look at what I'm typing into an address bar before hitting enter specifically because this has been a type of problem for quite a while. Maybe I really am the strange one -- I dunno.
Again, I'm sorry if this hard to read; I just figured I'd try to clarify. I agree as well that it really is a good thing it was only a manga site's info! It sucks that it's more work for you guys, but hopefully it can serve as a valuable experience for someone.
Thanks for taking the time to respond and clarify as well. I appreciate it.
Fed-Kun's army
Apr 18, 2019
Received a friend request by an already banned account, you guys are fast and efficient.
Apr 10, 2018
Would be nice if someone added in Google/Discord auth so that people can just authenticate through there instead of type in a password.
Apr 10, 2018
@AbyssalMonkey I'm suggesting more for the deterrent part, yes. It obviously won't stop the scenario where the phisher also sets up a discord site for you to input your discord info, but that's the game: things should be done to reduce security risk.

I'd make a good assumption that most people haven't even bothered with 2FA here (which, if others aren't aware, is available to be set up here) because, well, you're only here to read Manga. You don't particularly lose anything of value if your account gets phish'd here - unless they're an a-hole and changes your password/deletes the manga you're following.
Aug 7, 2018
As long as the site was legit, i should be in the clear.

Did get a random friend request from a very fresh account.
Not open for further replies.

Users who are viewing this thread
