What you need to know about the recent MangaDex data breach

Status
Not open for further replies.
Joined
May 27, 2020
Messages
118
I understood the warning part and that a hacker has my passwords. Lets take this warning seriously and leave the security on mods.
 
is a Reindeer
VIP
Joined
Jan 24, 2018
Messages
3,231
@Tokimedotozu they don't have your password in plaintext lol
it's been hashed/salted in a way that's never been broken before so it's impossible for them to figure out what your password is from it, still should change it anyways though
 
Dex-chan lover
Joined
Jan 10, 2019
Messages
3,313
Thanks for being so open about this! It happens, although it sucks, so don't feel too bad.
 
Joined
Mar 17, 2020
Messages
20
Thanks for letting us know what happened.
Glad the site is back up and running.
Hope v5 gets done sooner than later to decrease these things happening again.
 
Joined
Mar 9, 2021
Messages
7
If we only made an account on the site a couple weeks ago, is our information included in this breach, or is it just for accounts that existed when the hacker obtained the code some months ago?
 
Group Leader
Joined
Apr 20, 2019
Messages
2,331
I'm not really understanding how they hacked Loli Master's account from some old build, but don't have our passwords.

I still changed it, anyway.
 
Dex-chan lover
Joined
Apr 22, 2018
Messages
437
Using their database dump, the hacker was able to use the session codes stored in the db when you hit "remember me" to bypass any password and 2FA requirements, as these are stored for a couple of months.

They then proceeded to log into the account of our admin
Wait a second - you've actually allowed accounts with admin rights to forego authentication? I am trying to say this in the nicest way possible, but: ARE YOU BLEEDING MAD?!
I hope you've come to the obvious conclusion of that.
 
Active member
Joined
Jan 22, 2018
Messages
195
@Narf sounds like having the session codes allowed them to impersonate any user who when they logged into the site checked that "remember me" option, not that the admin account doesn't have 2FA enabled.
 
Status
Not open for further replies.

Users who are viewing this thread

Top