What you need to know about the recent MangaDex data breach

[yummyyummy]

heres to hoping nothing happens and a RIP to god only knows how many cookies i havent deleted in so long

 

[SushiBentou]

Some hackers are sad pathetic small pp.
Targeting what is basically a hobby site.
Lame AF.

Go hack some sjw, financial, social, government, evil corp. Not MD.

 

[z0nex]

I really should enable my 2fa

 

[Tebaldi]

Damn... I don't understand why hackers like this exist in the first place... :/

 

[Grikath]

I shall join the "Thank you for your hard work and clarity" crowd. *thumbsup

 

[Ominous]

Jesus, man.

 

[-Aincrad-]

I can't believe some people just have such a crap, boring and pathetic life.

 

[fumu_fumu]

what a weird hacker yelling "HOMBREEE" and "Bow Before Me, I am the Eternal Master!" if anything he probably is chunni

 

[bobthepusslayer]

@NickD15 I'll simplify things for you :

Ooga booga password not safe. Buy GME

 

[BasicRaincloud]

Sucks. Oh well, guess i'll change my password and forget this ever happened

 

[sling]

Was donation history cleared coming out of this?

 

[shadowmoon522]

if it ain't one thing, it's another with this site...
only thing they could of got from me was a password i'm no longer using anywhere, comments that where public anyway and my email address.

 

[Cinsyac]

Welcome back, and thanks for explaining everything.

 

[AleksHQ]

so we need to change our password?

 

[Dommelien]

All I could think about when I heard md had been hacked was how bad I feel for the mangadex team. You guys have been working so hard to accommodate all new users, orphans from sites that got taken down... and then this :') Proud of you guys!

 

[GardeIV]

this is what you get for streaming manga smdh

 

[wankerLin]

I see

 

[Skullcrane886]

Thank you for the announcement and quick actions to fix this and prevent this from happening.

I have a question only:

the hacker was able to use the session codes stored in the db when you hit "remember me" to bypass any password and 2FA requirements, as these are stored for a couple of months

I don't have any developer skills or in knowledge however, is this (sessions codes stored for a few months) something normal? I though that by anyone using 2FA, only they would be able to access an account on any website. Only other thing I could think of is using the same session_id/cookie saved locally on the web browser if there is any.

Don't shoot me if I said something dumb though. Just trying to understand more.

 

[Fgerjon]

Absolute chads. Great work and as always, thank you 👍

 

[Kabeidon]

What a piece of shit , okay i will change passwords and etc , if you need money you guys should put adds on to avoid this again.
Good luck.