> Be me
> Mangadex
> Use PHP in 2021
> Have badly written and poorly designed website relying on an old core
v5 soon we promise!
> Get your source code dumped by what is probably a bored comp-sci student
> He makes fun of you for believing that he doesn't have a copy of your user database even after dumping your source-code
He CLEARLY doesn't have a copy of our user DB!
> Store and don't invalidate remember me session codes for months (Security Level = 10/10)
> Get your website owned for the 2nd time
> Within a minute of discovering his actions...
Nice way of saying that they took too long to respond to it because they don't monitor the status of their website well enough.
The levels of stupidity are so high they're more so negligent than bemusing. The funny part is this will probably fuck over some scanners too, hear me out here:
> Be me
> Leader or member of scans group
> Sign up or use MangaDex without VPN
> Forget to use VPN (or any scanner with bad opsec who didn't/doesn't use one)
> Figure that the administrators have good enough security that you don't need to worry too much
now
> Be me
> Viz (or some other large Western distributor of English-translated digital manga)
> Sick of people reading scans for free
> Want more shekels
> MangaDex database published (publicly)
> Make a list of leaders and members of scan groups
> Check which ones have residential IPs
> Viz Lawyers on speed-dial
HELLO MR ISP. THIS IP ADDRESS HAS BEEN INFRINGING ON OUR COPYRIGHTS, PLEASE TELL US THE INFORMATION OF THE ACCOUNT THAT WAS ASSIGNED THIS IP ADDRESS AT THAT TIME
Back to scanner-san
> Be me
> Scanner-san
> Hear knock at door
HELLO GOYIM, WE ARE THE LAWYERS REPRESENTING VIZ LLC. UNLESS YOU STOP ILLEGALLY TRANSLATING AND POSTING THE WORKS WE OWN COPYRIGHTS TO, WE WILL SUE YOU FOR LOTS OF SHEKELS
> Start crying
> Mom and dad are seething
> No tendies for a week
(This isn't just limited to IPs, think emails and links to stuff through DMs.)
This is made worse by the fact you guys don't even have a privacy policy:
https://mangadex.org/thread/319061
ISWTG there's no reason to even store IPs given the nature and dubious legality of this site.
> BUT- BUT- MUH SPAM PREVENTION!
Implement a reCAPTCHA or preferably hCaptcha like every other fucking site and rate limit by account.
"Good" administration desu!