What you need to know about the recent MangaDex data breach

Status
Not open for further replies.
Joined
Jan 8, 2021
Messages
2
If the dB was from a few months ago, would users like myself who only joined in January need to worry about my email?
 
Active member
Joined
Sep 1, 2020
Messages
42
should i really change email address? I already change the password since i forgot what it was and already enabled the 2FA this day.
 
Joined
Feb 19, 2020
Messages
8
> Be me
> Mangadex
> Use PHP in 2021
> Have badly written and poorly designed website relying on an old core
v5 soon we promise!
> Get your source code dumped by what is probably a bored comp-sci student
> He makes fun of you for believing that he doesn't have a copy of your user database even after dumping your source-code
He CLEARLY doesn't have a copy of our user DB!
> Store and don't invalidate remember me session codes for months (Security Level = 10/10)
> Get your website owned for the 2nd time
>Within a minute of discovering his actions...
Nice way of saying that they took too long to respond to it because they don't monitor the status of their website well enough.

The levels of stupidity are so high they're more-so negligent then bemusing. The funny part is this will probably fuck over some scanners too, hear me out here:

> Be me
> Leader or member of scans group
> Sign up or use MangaDex without VPN
> Forget to use VPN (or any scanner with bad opsec who didn't/doesn't use one)
> Figure that the administrators have good enough security that you don't need to worry too much

now

> Be me
> Viz (or some other large Western distributor of English translated digital manga)
> Sick of people reading scans for free
> Want more shekels
> MangaDex database published (publicly)
> Make a list of leaders and members of scan groups
> Check which ones have residential IP's
> Viz Lawyers on speed-dial
HELLO MR ISP. THIS IP ADDRESS HAS BEEN INFRINGING ON OUR COPYRIGHTS, PLEASE TELL US THE INFORMATION OF THE ACCOUNT THAT WAS ASSIGNED THIS IP ADDRESS AT THAT TIME

Back to scanner-san
> Be me
> Scanner-san
> Hear knock at door
HELLO GOYIM, WE ARE THE LAWYERS REPRESENTING VIZ LLC. UNLESS YOU STOP ILEGALLY TRANSLATING AND POSTING THE WORKS WE OWN COPYRIGHTS TO, WE WILL SUE YOU FOR LOTS OF SHEKELS
> Start crying
> Mom and dad are seething
> No tendies for a week

(This isn't just limited to IP's, think emails and links to stuff through DM's.)

This is made worse by the fact you guys don't even have a privacy policy:
https://mangadex.org/thread/319061

ISWTG there's no reason to even store IP's given the nature and dubious legality of this site.
> BUT- BUT- MUH SPAM PREVENTION!
Implement a ReCaptcha or preferably HCaptcha like every other fucking site and rate limit by account.

"Good" administration desu!
vMI91M2.gif
 
is a Reindeer
VIP
Joined
Jan 24, 2018
Messages
3,231
1000 emails replied to, time to sleep.
Will maybe get through all the breach emails by the end of tomorrow.
 
Active member
Joined
Jul 9, 2019
Messages
918
Apparently new pages aren't loading with 'failed' error, after few scrolling. Also happen if using in-private. Wonder if it related to this...
 
Joined
Sep 22, 2019
Messages
5
It would be gd if mangadex admins had taken that hackers claims seriously at first and not brush it off that he could take over an admin account
 
Member
Joined
Mar 17, 2018
Messages
57
Things like this happening is why I keep an email address separately for manga sites.
 
Group Leader
Joined
Mar 4, 2021
Messages
4
I somehow didn't give a fuck about the hacker only until they said that our accounts and data would be exposed and shit so yeah, i just froze in shock haha
😂🤣
 
Joined
Dec 22, 2018
Messages
61
thanks! i just got a 2fa yesterday, also found this today while browsing link removedi dont understand but seems sus but i dont undestand so...

Code:
 that's the leaked code in question, yes
 
Joined
Apr 17, 2018
Messages
11
Sorry if this has already been asked (or if you've already done it). Would you be able to provide a list (obviously not publicly) of accounts in the breach to a service like TroyHunt/haveibeenpwned is running so they can get the word out via services like Firefox Monitor etc or is it best to wait until these things turn up somewhere to get picked up by these services?
 
Joined
Oct 24, 2019
Messages
1
in this past 2 days i tried to access mangadex but its not working for me unless i use vpn for my browser, is the problem from my side or else ?
 
Status
Not open for further replies.

Users who are viewing this thread

Top