What you need to know about the recent MangaDex data breach

Status
Not open for further replies.
Dex-chan lover
Joined
Apr 22, 2019
Messages
967
That must be a lamer hacker, he thought he get the gold, but he is only entrapped in the unmonitored honeypot instead

I will give that hacker 10 BTC if he can crack the password. Of course he can't, he don't even understand security a bit I'm sure.

FYI to all, bcrypt is fucking secure. Even if you insert the same password, the hash result is randomly generated, unlike using stupid MD5 or SHA-1 hash, so..... just add 1 character to the password is enough to me.

@KingHarkinian @bingbingmeup
PHP is not secure if you host the site with default setting of XAMPP's Apache, only amateurs do that. Meanwhile nginx is for production which is proven as secure as storing money in the vault, even with default settings
 
Group Leader
Joined
Jan 19, 2018
Messages
1,036
"your email addresses, creation and last connection IPs, backup 2FA codes, RSS keys, follows, comments, DMs, etc. are not fine"

I rarely use my email anyway (which is exclusively used for mangadex) as it gets bombarded with spam and crap so much that I don't even bother checking it anymore. I honestly don't understand what good having my email out in the open will do for them, as it was always public in the first place as well, and most dangerous emails get filtered. And contrary to my avatar, it's not like I'm a senior citizen that gets duped by IRS gift card scammers from overseas.

I have new codes after I re-enabled 2FA, so that's fine.

I use a VPN, and everything else was either already public or don't care about anyway.

...So all in all, seems this hacker only wasted their time and the loser should really get a life, or do the world a favor and off themselves. If he was actually smart, he'd go after the giant megacorps with billions to burn rather than a niche hobby comic site.
 
Joined
Nov 11, 2020
Messages
1
I'm sorry this happen to you all (MangaDex Team), and I'm glad you guys were able to get it all settle out, and wishing you all a peace of mind!
 
Most powerful member of the GFG
Staff
Super Moderator
Joined
Feb 16, 2020
Messages
8,224
@Harry_Dong
If he was actually smart, he'd go after the giant megacorps with billions to burn rather than a niche hobby comic site.
I've seen many people say this, but it's unlikely he would've succeeded at hacking most normal businesses, imo, this guy just wanted a power trip and chose MD as his victim.
 
Yuri Enjoyer
Staff
Developer
Joined
Feb 16, 2020
Messages
462
@Umesan @Anish_Agarwal
The groups that were removed. Were they able to be reinstated?

Of course, should be done already. If you notice a missing one, do let us know.

@Piamette
Before you try and suggest us regular users some methods to "better secure" our accounts -- before you fix those security breaches, even, you should police yourselves.

It might not look like it, and if so let me set this straight, but we take this very seriously. We could have come back up an hour later if we'd wanted, but instead chose to spend almost 24 hours investigating, hardening what holes we might have missed in the past on the security side of things, and devising a plan for the next steps we should take wrt security.

@RogueKitsune
Only suggestion I would like to make is to treat 2FA recovery codes like passwords.

These are definitely getting this treatment from now on, yes.

---

Thank you for all the kind messages. Might not be able to reply to each 1 by 1, but we read and appreciate them.

As for the users pissed off about this happening at all, believe us, we're as pissed, if not more. And we understand and share your frustration. Remember *our* data is part of the breach too. If anything probably on the "spotlight" of it.

We certainly do not take this lightly even if it might be interpreted as such. However:
- We can't fix the past, and had already been busy massively upgrading security as part of the new infrastructure's deployment
- Life must go on, and for this we are planning, and will continue to plan for improvements wrt features as well as security

We are doing our best with the means available to MangaDex at the moment. Things will keep on improving, so please look forward to it.
 
Joined
Mar 8, 2019
Messages
4
i resently ran into a site called mangadex.tv if what iv read is right it is a blantenet fake rip off with no official connection to this site, that said could this hack be an attempt to have the fake replace the real?
 
is a Reindeer
VIP
Joined
Jan 24, 2018
Messages
3,231
@lunnia fake clones of MD have been around since three years ago, has nothing to do with database hacks. they just try to get high on google results and fool people into entering their credentials onto the site and users are hopefully smart enough to realize that the domain they're on isn't mangadex.org....
 
Dex-chan lover
Joined
May 23, 2020
Messages
151
Thanks to all of you in MD's team for your hard work of fending off repeated shitstorms these last months.
 
Member
Joined
May 17, 2019
Messages
146
When I saw a post saying the website was hacked yesterday, I thought it was a joke, but demmm
 
Member
Joined
Jan 19, 2018
Messages
370
Is there a way to backup/export our follow list?

Just for backup purposes.

I kinda treasure my follow list, so it would be preferable if there is an option to do so.

It would bring peace of mind if there is an option to do so, as I live in fear of my follow list getting deleted or vandalised everyday.

Also, you should probably prioritize emailing every user about the data breach, it's the right thing to do.

As some nonactive users could actually value there email addresses, creation and last connection IPs, backup 2FA codes, RSS keys, follows, comments, DMs, and etc.

In addition, I can't find the bethesda.net login page (which is worrisome as I don't know if I used my Mangadex password for it).
 
Status
Not open for further replies.

Users who are viewing this thread

Top