What you need to know about the recent MangaDex data breach

Status
Not open for further replies.
Double-page supporter
Joined
Sep 13, 2018
Messages
384
If they wanted my hentai list, they could've just asked...
 
Member
Joined
Mar 7, 2019
Messages
114
thanks a lot for the email leaks, just what we needed...
reminder to never trust the MD staff and never make an account in the first place, good thing my email is uninportant but i know lots of people who are going to get spammed to oblivion with this leak.
REALLY, THANKS A LOT!
NO I'M NOT MAD AS FUCK!!!!
 
Joined
Sep 19, 2020
Messages
35
Bruh this sucks so hard to see. now only is manga dex a fantastic site for manga and manhwa indexing and what not. but the fact that its been targeted so much as of recently its unreal!

least the honesty in being upfront regarding the situation is there.

wish all the best to the team!
 
Dex-chan lover
Joined
Jan 19, 2018
Messages
1,545
I suppose this is good prompting to change some passwords. Might take a while.
 
Double-page supporter
Joined
May 28, 2018
Messages
927
Soooo what will change in v5 to make the site safer? Thanks for the transparency.
 
Supporter
Joined
Aug 29, 2018
Messages
4
The MangaDex staff should probably send out an email to all users informing them of the breach, if that wasn't already being planned. Not everybody is an active user, and thus not everyone who is affected may know that their password, email address, or other credentials were leaked.
 
Dex-chan lover
Joined
Dec 9, 2020
Messages
4,165
@pip25
On the contrary, I think the hacker is an amateur. The ransom was obviously too big for a no ads site which would usually means that the hacker were never really wanted to negotiate and just wanted to mess MangaDex up after their terms were not fulfilled. But them spamming "HOMBREEEEEE" and their subsequent acts while logged in as an admin was too mild for that. They didn't really cause long term damage and just served more as a pointer to one of MangaDex's security hole.
 
Dex-chan lover
Joined
Nov 24, 2019
Messages
491
Session codes in DB is mostly fine and relatively normal. The risk is mostly minimal because if they have a full DB, a session code to login doesn't get them much.

The best way to do session tokens securely is to make the clients give the server a public key and key deviation function for a private key the clients holds on to. But that's wildly overkill for most scenarios since it's basically recreating how SSH works just to store statefulness of a session on a manga reading site.
 
Active member
Joined
Feb 17, 2018
Messages
101
Those goddamn hackers subscribed me to a bunch of questionable hentai too! 😅

PS: lol @ backseat programmers' hot takes.
 
Dex-chan lover
Joined
Dec 20, 2019
Messages
1,045
10k BTC or everything goes public
Fucking lul, too many zeroes there buddy

releasing v5, which is professionally written, unlike the amateur code that is v3
You paying people now?

You might want to change email to one that is not tied to your school/workplace if that was the case before, as we’re not an official site after all.
Users who signed up with their real email and commented on trap/loli hentai now on suicide watch
 
Joined
Jan 28, 2019
Messages
13
Damnit last three sites such as this one that I've used have either had Admins lose the will to continue. Or had some bore piss-ant that watched the movie Hacker too many times and is convinced it makes em super human. Dump all data ya got on em out there in the 4chan and tell em he's bringing back Boxxy.... They'll likely have the poor fool DOXed in a week and then we can all take turn's mailing cat/dog poop to them.
 
Dex-chan lover
Joined
Jun 3, 2020
Messages
57
WOW YOU GUYS ARE JUST. WOW. Amazing effort despite getting stressed out from these inconveniences
 
Status
Not open for further replies.

Users who are viewing this thread

Top