What you need to know about the recent MangaDex data breach
- Thread starter Plykiya
- Start date
- Status
Dex-chan lover
- Joined
- Feb 17, 2018
- Messages
- 7,926
>HOMBREEEEEE
lmoa
lmoa
Thank you very much for your hard work and your openness.
It's such a nuisance that malicious idiots exist out there with nothing better to do than bother people. Imagine they used that criminal energy the opposite way instead!
Oh well. At the end of the day we can't be bothered.
It's such a nuisance that malicious idiots exist out there with nothing better to do than bother people. Imagine they used that criminal energy the opposite way instead!
Oh well. At the end of the day we can't be bothered.
Supporter
- Joined
- May 1, 2018
- Messages
- 954
@KingHarkinian aw, ya beat me to it!
Group Leader
- Joined
- Feb 18, 2018
- Messages
- 21
@Zephyrus
I obviously disagree, there's a very good reason to ream out the people who run a site with such clear and glaring security problems that, again, thousands of sites for many years have done much better, programmed by people with less experience. As I said earlier in the thread, none of my main points are even remotely unrealistic. Storing the session information in the site's database is a novice level mistake. Taking the site down for construction isn't beyond the scope of anyone's ability, and while it's not ideal, as many users in the thread have been quick to point out: it's free to use, so not being able to use it for a short time is fine. I'm not saying building your site is easy, but it's still incompetently put together, and that's a fact that even Plykiya agrees on.
Saying things like "other sites get hacked" is kind of moot, because the responsibility for this and the previous data breaches don't belong to other sites, they belong to you and your team. Saying "well just go make your own site" is pointless because it's obvious that you're just avoiding taking any of the criticism and aren't hearing out the users who might be affected by this, and every time this comes up, my criticism has ended up completely written off without examination.
Other users saying "Well other sites just sell their user data" is a pointless criticism because (1) How do we know MD hasn't been selling our data in the first place and (2) Now with the data compromise, our data will be sold regardless, all because of MD's poor management.
There are plenty of manga websites have existed longer with less data compromise. Even the official sites that host free content have been around longer than MD and haven't had these issues, because they weren't started by someone googling "How to make PHP site" and putting together a shoddy database and host everything on one server with a single point of failure for the whole site.
You guys have nobody to blame but yourselves for this display of incompetence. Sorry, incompetence is what it is. I'm not going to be extra super nice to you just because you're stressed out that you've screwed up massively and were late to tell your users. The fact that you feel it necessary not to address any of the issues I've raised as Plykiya was at least polite enough to do but instead to tone police and threaten to ban me just shows that you're not even competent to manage the community.
That's all. If you don't want me posting anymore, then please delete my account and scrub my data and I won't bother you guys anymore, hombre.
I obviously disagree, there's a very good reason to ream out the people who run a site with such clear and glaring security problems that, again, thousands of sites for many years have done much better, programmed by people with less experience. As I said earlier in the thread, none of my main points are even remotely unrealistic. Storing the session information in the site's database is a novice level mistake. Taking the site down for construction isn't beyond the scope of anyone's ability, and while it's not ideal, as many users in the thread have been quick to point out: it's free to use, so not being able to use it for a short time is fine. I'm not saying building your site is easy, but it's still incompetently put together, and that's a fact that even Plykiya agrees on.
Saying things like "other sites get hacked" is kind of moot, because the responsibility for this and the previous data breaches don't belong to other sites, they belong to you and your team. Saying "well just go make your own site" is pointless because it's obvious that you're just avoiding taking any of the criticism and aren't hearing out the users who might be affected by this, and every time this comes up, my criticism has ended up completely written off without examination.
Other users saying "Well other sites just sell their user data" is a pointless criticism because (1) How do we know MD hasn't been selling our data in the first place and (2) Now with the data compromise, our data will be sold regardless, all because of MD's poor management.
There are plenty of manga websites have existed longer with less data compromise. Even the official sites that host free content have been around longer than MD and haven't had these issues, because they weren't started by someone googling "How to make PHP site" and putting together a shoddy database and host everything on one server with a single point of failure for the whole site.
You guys have nobody to blame but yourselves for this display of incompetence. Sorry, incompetence is what it is. I'm not going to be extra super nice to you just because you're stressed out that you've screwed up massively and were late to tell your users. The fact that you feel it necessary not to address any of the issues I've raised as Plykiya was at least polite enough to do but instead to tone police and threaten to ban me just shows that you're not even competent to manage the community.
That's all. If you don't want me posting anymore, then please delete my account and scrub my data and I won't bother you guys anymore, hombre.
- Joined
- Aug 18, 2020
- Messages
- 1
Ooof that sucks but I’m glad you guys are back know that situation couldn’t have been easy to process but appreciate the transparency (^_^*)
Active member
- Joined
- Sep 26, 2019
- Messages
- 401
What happened to groups he deleted
- Joined
- Nov 27, 2018
- Messages
- 82
Some advice on changing your email. Both Gmail and Outlook support a +alias's.
Example:
Username@gmail.com -> Username+mangadex@gmail.com or Username+damnedhacker@gmail.com
These will still get sent to username@gmail.com however, it makes it a pain in the ass for anyone trying to trigger a random password reset.
Outlook you can go a step further and have true aliases. Where they give you a email, but you can only access it from a parent email address. So if you never give out/use the parent email address they will never be able to get access to the aliased email address.
https://www.nytimes.com/2018/08/23/technology/personaltech/periods-in-gmail-addresses.html
https://support.google.com/a/users/answer/9308648?hl=en
https://www.msoutlook.info/question/886
https://support.microsoft.com/en-us/office/add-or-remove-an-email-alias-in-outlook-com-459b1989-356d-40fa-a689-8f285b13f1f2
Example:
Username@gmail.com -> Username+mangadex@gmail.com or Username+damnedhacker@gmail.com
These will still get sent to username@gmail.com however, it makes it a pain in the ass for anyone trying to trigger a random password reset.
Outlook you can go a step further and have true aliases. Where they give you a email, but you can only access it from a parent email address. So if you never give out/use the parent email address they will never be able to get access to the aliased email address.
https://www.nytimes.com/2018/08/23/technology/personaltech/periods-in-gmail-addresses.html
https://support.google.com/a/users/answer/9308648?hl=en
https://www.msoutlook.info/question/886
https://support.microsoft.com/en-us/office/add-or-remove-an-email-alias-in-outlook-com-459b1989-356d-40fa-a689-8f285b13f1f2
- Joined
- Feb 20, 2019
- Messages
- 2
Thanks for the transparency.
Member
- Joined
- Jan 16, 2020
- Messages
- 161
Well you haven't been doxxed yet. Unless your email had your real name in it. To doxx you the hackers have to compare your email, and/or IP against other breaches or websites which contain identifiable information leading back to your real name.
Dex-chan lover
- Joined
- Jan 21, 2018
- Messages
- 1,991
Karma for all that April Fool's crap you put readers through every year.
Btw, you might want to report yourselves to Have I Been Pwned while the eggs on your faces are still runny.
Password: Changed. Not super secure, but neither is MD's OPSEC, so it's a wash. Not on the pwned passwords list, at least.
Email address: Changed to a new unimportant disposable alias reserved for degenerate sites, just like the old one.
Creation IP: Don't care. I'm not even on that ISP anymore. Might've even been on a VPN at the time.
Last Connection IP: On a VPN, so I'm not bothered. It's not like MD uses identifiers or evercookies, or do you??!!
Backup 2FA: Pfft, for a weeb site?!
RSS keys: I don't use RSS readers for manga.
Follows: Follow away, hacker. I recommend the Killer Shark Isekai, and the Putin Isekai.
Comments: No loss there. It's mostly me complaining about MD being slow as shit anyway.
DMs: LOL. Yeah, fap to my warnings from uptight mods.
Now I'm off to make a donation, to the uBlock Origin dev, in preparation for April 1st on MD.
Btw, you might want to report yourselves to Have I Been Pwned while the eggs on your faces are still runny.
Password: Changed. Not super secure, but neither is MD's OPSEC, so it's a wash. Not on the pwned passwords list, at least.
Email address: Changed to a new unimportant disposable alias reserved for degenerate sites, just like the old one.
Creation IP: Don't care. I'm not even on that ISP anymore. Might've even been on a VPN at the time.
Last Connection IP: On a VPN, so I'm not bothered. It's not like MD uses identifiers or evercookies, or do you??!!
Backup 2FA: Pfft, for a weeb site?!
RSS keys: I don't use RSS readers for manga.
Follows: Follow away, hacker. I recommend the Killer Shark Isekai, and the Putin Isekai.
Comments: No loss there. It's mostly me complaining about MD being slow as shit anyway.
DMs: LOL. Yeah, fap to my warnings from uptight mods.
Now I'm off to make a donation, to the uBlock Origin dev, in preparation for April 1st on MD.
- Status
Similar threads
- Suggestion
