What you need to know about the recent MangaDex data breach

Status
Not open for further replies.
Dex-chan lover
Joined
Jan 20, 2018
Messages
1,028
LOL it's so fckn' hilarious how many lifetime IT security professionals are sitting on a pirate site just so they can save 50$/month. HILARIOUS!
 
Joined
May 31, 2020
Messages
75
Thank you very much for your hard work and your openness.

It's such a nuisance that malicious idiots exist out there with nothing better to do than bother people. Imagine they used that criminal energy the opposite way instead!

Oh well. At the end of the day we can't be bothered.
 
Fed-Kun's army
Joined
May 26, 2019
Messages
901
Thank you for being transparent about it at least. Luckily, I haven't used that password for anything important since like 2015 but who knows
 
Group Leader
Joined
Feb 18, 2018
Messages
21
@Zephyrus

I obviously disagree, there's a very good reason to ream out the people who run a site with such clear and glaring security problems that, again, thousands of sites for many years have done much better, programmed by people with less experience. As I said earlier in the thread, none of my main points are even remotely unrealistic. Storing the session information in the site's database is a novice level mistake. Taking the site down for construction isn't beyond the scope of anyone's ability, and while it's not ideal, as many users in the thread have been quick to point out: it's free to use, so not being able to use it for a short time is fine. I'm not saying building your site is easy, but it's still incompetently put together, and that's a fact that even Plykiya agrees on.

Saying things like "other sites get hacked" is kind of moot, because the responsibility for this and the previous data breaches doesn't belong to other sites, it belongs to you and your team. Saying "well just go make your own site" is pointless because it's obvious that you're just avoiding taking any of the criticism and aren't hearing out the users who might be affected by this, and every time this comes up, my criticism has ended up completely written off without examination.

Other users saying "Well other sites just sell their user data" is a pointless criticism because (1) How do we know MD hasn't been selling our data in the first place and (2) Now with the data compromise, our data will be sold regardless, all because of MD's poor management.

There are plenty of manga websites that have existed longer with less data compromise. Even the official sites that host free content have been around longer than MD and haven't had these issues, because they weren't started by someone googling "How to make PHP site" and putting together a shoddy database and hosting everything on one server with a single point of failure for the whole site.

You guys have nobody to blame but yourselves for this display of incompetence. Sorry, incompetence is what it is. I'm not going to be extra super nice to you just because you're stressed out that you've screwed up massively and were late to tell your users. The fact that you feel it necessary not to address any of the issues I've raised as Plykiya was at least polite enough to do but instead to tone police and threaten to ban me just shows that you're not even competent to manage the community.

That's all. If you don't want me posting anymore, then please delete my account and scrub my data and I won't bother you guys anymore, hombre.
 
Member
Joined
Jan 19, 2018
Messages
276
@Dobu
I'm not defending them but you shouldn't expect any kind of professionalism from a site that distributes illegal manga.
 
Joined
Aug 18, 2020
Messages
1
Ooof, that sucks, but I’m glad you guys are back. I know that situation couldn’t have been easy to process, but I appreciate the transparency (^_^*)
 
Group Leader
Joined
Dec 6, 2019
Messages
2,646
@Dobu
... then please delete my account and scrub my data and I won't bother you guys anymore, hombre
Wrong thread, m'dude.
Here, try this one.
https://mangadex.org/thread/178895/83/#last_post
 
Joined
Mar 31, 2019
Messages
1
Come on hacker bro, couldn't you have targeted someone else? Like Nestle, Walmart, or another big evil corpo?
 
Joined
Nov 27, 2018
Messages
82
Some advice on changing your email. Both Gmail and Outlook support +aliases.
Example:
Username@gmail.com -> Username+mangadex@gmail.com or Username+damnedhacker@gmail.com
These will still get sent to username@gmail.com; however, it makes it a pain in the ass for anyone trying to trigger a random password reset.
With Outlook you can go a step further and have true aliases, where they give you an email, but you can only access it from a parent email address. So if you never give out/use the parent email address, they will never be able to get access to the aliased email address.

https://www.nytimes.com/2018/08/23/technology/personaltech/periods-in-gmail-addresses.html
https://support.google.com/a/users/answer/9308648?hl=en
https://www.msoutlook.info/question/886
https://support.microsoft.com/en-us/office/add-or-remove-an-email-alias-in-outlook-com-459b1989-356d-40fa-a689-8f285b13f1f2
 
Dex-chan lover
Joined
Mar 13, 2018
Messages
2,636
@Dobu How exactly do you expect the team to react? They told you v5's being worked on. You throwing a tantrum won't speed things up.
 
Member
Joined
Jan 16, 2020
Messages
161
Well you haven't been doxxed yet. Unless your email had your real name in it. To doxx you the hackers have to compare your email, and/or IP against other breaches or websites which contain identifiable information leading back to your real name.
 
Dex-chan lover
Joined
Jan 21, 2018
Messages
1,991
Karma for all that April Fool's crap you put readers through every year.
Btw, you might want to report yourselves to Have I Been Pwned while the eggs on your faces are still runny.

tl;dr: your passwords are fine because they were hashed/salted (transformed in a way that can't be easily reversed) by an algorithm that hasn't been cracked in 22 years, your email addresses, creation and last connection IPs, backup 2FA codes, RSS keys, follows, comments, DMs, etc. are not fine

Password: Changed. Not super secure, but neither is MD's OPSEC, so it's a wash. Not on the pwned passwords list, at least.
Email address: Changed to a new unimportant disposable alias reserved for degenerate sites, just like the old one.
Creation IP: Don't care. I'm not even on that ISP anymore. Might've even been on a VPN at the time.
Last Connection IP: On a VPN, so I'm not bothered. It's not like MD uses identifiers or evercookies, or do you??!!
Backup 2FA: Pfft, for a weeb site?!
RSS keys: I don't use RSS readers for manga.
Follows: Follow away, hacker. I recommend the Killer Shark Isekai, and the Putin Isekai.
Comments: No loss there. It's mostly me complaining about MD being slow as shit anyway.
DMs: LOL. Yeah, fap to my warnings from uptight mods.

Now I'm off to make a donation, to the uBlock Origin dev, in preparation for April 1st on MD.
 