What you need to know about the recent MangaDex data breach
- Thread starter Plykiya
- Start date
- Status
Dex-chan lover
- Joined
- Jun 10, 2018
- Messages
- 1,096
so the DB dump is presumably from an older server that you guys rented previously?
- Joined
- Jan 24, 2018
- Messages
- 3,231
@geistchevalier that is the presumption, yes
- Joined
- Oct 9, 2018
- Messages
- 5
@freshlypotatoed
I assume you're talking about the db. You're basically talking about snapshots which is just a copy of the filesystem at a given time as opposed to a mysqldump. I know AWS takes snapshots automatically when you setup mysql for example & makes it east to use them for restore, but for sure you can just make your own snapshot as well. Just make sure your filesystem supports taking frozen in time snapshots since users may change data while your filesystem copy is being made, resulting in corrupt state.
Using docker to make snapshots likely wont work due to this, but either way, i'm sure similarly easy to use tools exist that would achieve what you're thinking in a correct way.
I assume you're talking about the db. You're basically talking about snapshots which is just a copy of the filesystem at a given time as opposed to a mysqldump. I know AWS takes snapshots automatically when you setup mysql for example & makes it east to use them for restore, but for sure you can just make your own snapshot as well. Just make sure your filesystem supports taking frozen in time snapshots since users may change data while your filesystem copy is being made, resulting in corrupt state.
Using docker to make snapshots likely wont work due to this, but either way, i'm sure similarly easy to use tools exist that would achieve what you're thinking in a correct way.
Dex-chan lover
- Joined
- Jun 10, 2018
- Messages
- 1,096
@Pylkiya oooff, is it a physical machine or the standard VM that you usually rent? because that sounds kinda scary if it's a VM
- Joined
- Jan 24, 2018
- Messages
- 3,231
@geistchevalier physical.
Aggregator gang
- Joined
- Jan 9, 2019
- Messages
- 132
Or even big companies which tell nothing to common folk and just sweep the breach under the rug.
And on smaller scale, a bored nurse/doctor/etc accessing your medical history, multiple times, for no reason.
Member
- Joined
- Jul 6, 2018
- Messages
- 184
10k BTC?
Dude really just asked for 583.504.000 USD! That's some Dr. Evil type of shit.
Dude really just asked for 583.504.000 USD! That's some Dr. Evil type of shit.
Member
- Joined
- Mar 26, 2019
- Messages
- 9
Retyped everything and it worked now.
- Joined
- Jan 11, 2021
- Messages
- 26
So uh what does all of this mean again? 😀
- Joined
- Jan 24, 2018
- Messages
- 3,231
@BucketBuddy Some person came onto the Discord saying the same thing, but then I pointed out that he filled out the fields wrong. He wrote his old password twice and his new password once, so the "new and new again" combination had one password that was "too short".
It's not a very good error message...
It's not a very good error message...
Dex-chan lover
- Joined
- Aug 24, 2018
- Messages
- 207
@Plykiya
Really? Strange. I am using mangadex in two separate firefox contaigners, and each of them shows different 10 chapters in my history. Unless you are using separate tables for H and Non-H manga, it is likely that you are storing entire history and the history pages is just showing 10 last entries, hiding the rest.
Member
- Joined
- Aug 1, 2020
- Messages
- 11
I was reading it with thick Himmler's face then that HOMBREE slaps my bald forehead.
Supporter
- Joined
- Sep 21, 2018
- Messages
- 2,927
Wait, someone stores their bank account info at MD? What did they do? Send their bank account via message or something? Also correct me if I'm wrong, the thing you need to worry about is your username+password combination, right? Like you can delete your MD account, but if you use the same combination 69 times in other sites, deleting your account doesn't solve anything if the password is already leaked?
Edit: My account info was leaked during that Adobe situation years ago and this was explained to me that way, so yeah.
Edit: My account info was leaked during that Adobe situation years ago and this was explained to me that way, so yeah.
Active member
- Joined
- Jul 6, 2020
- Messages
- 68
Group Leader
- Joined
- Feb 4, 2018
- Messages
- 284
@Skullcrane886 "Everyone" knows that passwords need to be hashed with a proper password hashing function to avoid disaster in case of db leaks. MangaDex did this correctly. What they did not do correctly, is to take the same care to hashing the permanent session tokens, which are different to passwords in that the user does not choose them, so leaking one does not allow accessing other sites which the user uses the same password, but are similar to passwords in that knowing one allows access to the application. And as such, the leak allowed the attacker to access an admin account that happened to use a permanent session token. To their credit, this issue is waaaaaay less often talked about.
Stay safe guys, and use bitwarden for safekeeping your passwords.
Has a web dev myself, it's just one of those things that unfortunately happens.
Also, while the pw's are salted, my genshin account was hacked yesterday, and it had the same credentials.
I don't know if it was because of this, but it's a big coincidence.
Has a web dev myself, it's just one of those things that unfortunately happens.
Also, while the pw's are salted, my genshin account was hacked yesterday, and it had the same credentials.
I don't know if it was because of this, but it's a big coincidence.
- Status
Similar threads
- Suggestion
