MangaDex Website Breached
MangaDex is a scanlation (scan and translation) platform hosting comics of various genres. It lets users share comics from various sources, potentially without holding the copyright, and alter them. Some take on the responsibility of translating comics and re-releasing them under their own account. It is so popular that tens of millions of users visit the site monthly. The operators abruptly shut the platform down after detecting unauthorized access and said it won't reopen until further notice. The admins have since detailed why they were forced to pull the site offline.
— MangaDex (@MangaDex) March 21, 2021
They revealed that on 17th March, a malicious actor accessed the site through an admin account by reusing a session token found in an old database leak. While it wasn't known what was done with that access, the operators immediately started scanning the website for more potential vulnerabilities. They said they cleared the session data globally and patched the vulnerabilities they found wherever they could. Three days later, the same hacker managed to get into the account of one of MangaDex's inactive developers, but the operators soon terminated it, as they are constantly looking for such threats. Yet the hacker was able to send emails to ten of MangaDex's users saying, “MangaDex has a DB leak. I suggest you tell their staff about it.”
Site operators told TorrentFreak that they found a ransom note asking for 10K BTC (sic) (which could be 10K USD worth of BTC). The operators said they have not found any trace of a data leak. To be safe, however, they asked users to assume one has happened and suggested they change any passwords on other online platforms that resemble their MangaDex password. Further, they said they have been working on v5 of MangaDex, which will be a complete rewrite from scratch.
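
The intrusion described above depended on a session token from an old database leak still being accepted by the live site. The following is an added example, not MangaDex's code (the article does not say how its sessions were stored): a Python session store that keeps only a hash of each token, enforces an absolute lifetime, and supports the kind of global session reset the operators performed. `SessionStore`, `SESSION_TTL` and the 7-day value are assumptions made for illustration.

```python
import hashlib
import secrets
import time

SESSION_TTL = 7 * 24 * 3600  # assumed absolute session lifetime, in seconds


class SessionStore:
    """Hypothetical server-side session table (a dict stands in for the DB)."""

    def __init__(self):
        # Key is sha256(token); the raw token is never written to storage,
        # so a copy of this table does not contain anything replayable.
        self.rows = {}        # digest -> (user, issued_at, generation)
        self.generation = 0   # bumped to invalidate every session at once

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # only the client holds this value
        self.rows[self._digest(token)] = (user, now, self.generation)
        return token

    def validate(self, token, now=None):
        now = time.time() if now is None else now
        row = self.rows.get(self._digest(token))
        if row is None:
            return None
        user, issued_at, generation = row
        if generation != self.generation:
            return None  # issued before a global reset (e.g. row restored from backup)
        if now - issued_at > SESSION_TTL:
            return None  # expired even though the user never logged out
        return user

    def revoke_all(self):
        """Global session clear: every outstanding token stops working."""
        self.generation += 1
        self.rows.clear()
```

With this layout, a value copied out of the session table is a digest, and presenting it as a token fails because the server hashes it again before the lookup.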