What you need to know about the recent MangaDex data breach

Not open for further replies.
Dex-chan lover
Jan 20, 2018
LOL it's so fckn' hilarious how many lifetimeITsecurity professionals sitting on pirate site just so they can save 50$/month. HILARIOUS!
May 31, 2020
Thank you very much for your hard work and your openness.

It's such a nuisance that malicious idiots exist out there with nothing better to do than bother people. Imagine they used that criminal energy the opposite way instead!

Oh well. At the end of the day we can't be bothered.
Active member
May 26, 2019
Thank you for being transparent about it at least. Luckily, I haven't used that password for anything important since like 2015 but who knows
Group Leader
Feb 18, 2018

I obviously disagree, there's a very good reason to ream out the people who run a site with such clear and glaring security problems that, again, thousands of sites for many years have done much better, programmed by people with less experience. As I said earlier in the thread, none of my main points are even remotely unrealistic. Storing the session information in the site's database is a novice level mistake. Taking the site down for construction isn't beyond the scope of anyone's ability, and while it's not ideal, as many users in the thread have been quick to point out: it's free to use, so not being able to use it for a short time is fine. I'm not saying building your site is easy, but it's still incompetently put together, and that's a fact that even Plykiya agrees on.

Saying things like "other sites get hacked" is kind of moot, because the responsibility for this and the previous data breaches don't belong to other sites, they belong to you and your team. Saying "well just go make your own site" is pointless because it's obvious that you're just avoiding taking any of the criticism and aren't hearing out the users who might be affected by this, and every time this comes up, my criticism has ended up completely written off without examination.

Other users saying "Well other sites just sell their user data" is a pointless criticism because (1) How do we know MD hasn't been selling our data in the first place and (2) Now with the data compromise, our data will be sold regardless, all because of MD's poor management.

There are plenty of manga websites have existed longer with less data compromise. Even the official sites that host free content have been around longer than MD and haven't had these issues, because they weren't started by someone googling "How to make PHP site" and putting together a shoddy database and host everything on one server with a single point of failure for the whole site.

You guys have nobody to blame but yourselves for this display of incompetence. Sorry, incompetence is what it is. I'm not going to be extra super nice to you just because you're stressed out that you've screwed up massively and were late to tell your users. The fact that you feel it necessary not to address any of the issues I've raised as Plykiya was at least polite enough to do but instead to tone police and threaten to ban me just shows that you're not even competent to manage the community.

That's all. If you don't want me posting anymore, then please delete my account and scrub my data and I won't bother you guys anymore, hombre.
Jan 19, 2018
I'm not defending them but you shouldn't expect any kind of professionalism from a site that distributes illegal manga.
Aug 18, 2020
Ooof that sucks but I’m glad you guys are back know that situation couldn’t have been easy to process but appreciate the transparency (^_^*)
Group Leader
Dec 6, 2019
... then please delete my account and scrub my data and I won't bother you guys anymore, hombre
Wrong thread, m'dude.
Here, try this one.
Mar 31, 2019
Come on hacker bro, couldn't you have targeted someone else? Like Nestle, Walmart, or another big evil corpo?
Nov 27, 2018
Some advice on changing your email. Both Gmail and Outlook support a +alias's.
Username@gmail.com -> Username+mangadex@gmail.com or Username+damnedhacker@gmail.com
These will still get sent to username@gmail.com however, it makes it a pain in the ass for anyone trying to trigger a random password reset.
Outlook you can go a step further and have true aliases. Where they give you a email, but you can only access it from a parent email address. So if you never give out/use the parent email address they will never be able to get access to the aliased email address.

Dex-chan lover
Mar 13, 2018
@Dobu How exactly do you expect the team to react? They told you v5's being worked on. You throwing a tantrum won't speed things up.
Jan 16, 2020
Well you haven't been doxxed yet. Unless your email had your real name in it. To doxx you the hackers have to compare your email, and/or IP against other breaches or websites which contain identifiable information leading back to your real name.
Dex-chan lover
Jan 21, 2018
Karma for all that April Fool's crap you put readers through every year.
Btw, you might want to report yourselves to Have I Been Pwned while the eggs on your faces are still runny.

tl;dr: your passwords are fine because they were hashed/salted (transformed in a way that can't be easily reversed) by an algorithm that hasn't been cracked in 22 years, your email addresses, creation and last connection IPs, backup 2FA codes, RSS keys, follows, comments, DMs, etc. are not fine

Password: Changed. Not super secure, but neither is MD's OPSEC, so it's a wash. Not on the pwned passwords list, at least.
Email address: Changed to a new unimportant disposable alias reserved for degenerate sites, just like the old one.
Creation IP: Don't care. I'm not even on that ISP anymore. Might've even been on a VPN at the time.
Last Connection IP: On a VPN, so I'm not bothered. It's not like MD uses identifiers or evercookies, or do you??!!
Backup 2FA: Pfft, for a weeb site?!
RSS keys: I don't use RSS readers for manga.
Follows: Follow away, hacker. I recommend the Killer Shark Isekai, and the Putin Isekai.
Comments: No loss there. It's mostly me complaining about MD being slow as shit anyway.
DMs: LOL. Yeah, fap to my warnings from uptight mods.

Now I'm off to make a donation, to the uBlock Origin dev, in preparation for April 1st on MD.
Not open for further replies.

Users who are viewing this thread
