What you need to know about the recent MangaDex data breach

[alliwan]

death to hackers

 

[oniichannobaka]

Yikes! Thanks for being honest.

 

[TheMangaChallenger]

Thanks for the hard work guys!

 

[Aubrey_Dickson]

If all my email getting leaked does is fill my inbox with spam I don't mind it

 

[Cynaax]

Great to see mangadex is back online!

 

[Tokimedotozu]

I understood the warning part and that a hacker has my passwords. Lets take this warning seriously and leave the security on mods.

 

[nomorelife]

Welp

 

[Cornonthekopp]

Woooooooo servers back!!!!!

 

[Plykiya]

@Tokimedotozu they don't have your password in plaintext lol
it's been hashed/salted in a way that's never been broken before so it's impossible for them to figure out what your password is from it, still should change it anyways though

 

[Subwai]

[deleted]

 

[manga_follow_75743857]

Updated password and setup 2FA.

 

[Varler]

Thanks for being so open about this! It happens, although it sucks, so don't feel too bad.

 

[Crystalstars]

Thanks for letting us know what happened.
Glad the site is back up and running.
Hope v5 gets done sooner than later to decrease these things happening again.

 

[Wasatch]

If we only made an account on the site a couple weeks ago, is our information included in this breach, or is it just for accounts that existed when the hacker obtained the code some months ago?

 

[Mr_Detective]

I'm not really understanding how they hacked Loli Master's account from some old build, but don't have our passwords.

I still changed it, anyway.

 

[Narf]

Using their database dump, the hacker was able to use the session codes stored in the db when you hit "remember me" to bypass any password and 2FA requirements, as these are stored for a couple of months.

They then proceeded to log into the account of our admin

Wait a second - you've actually allowed accounts with admin rights to forego authentication? I am trying to say this in the nicest way possible, but: ARE YOU BLEEDING MAD?!
I hope you've come to the obvious conclusion of that.

 

[Z_hopster23]

Thanks for the info. I find it rather comforting to know that you guys are honest folks.

 

[0bscureGuy]

F

 

[Jpwong]

@Narf sounds like having the session codes allowed them to impersonate any user who when they logged into the site checked that "remember me" option, not that the admin account doesn't have 2FA enabled.

 

[Letice]

So... Did u give the hacker the ransom?