MangaDex Says Stolen User Database Already Shared “in the Wild”

  • MangaDex user database reportedly already shared among closed groups of malicious actors.
  • The platform claims to be working on an HIBP-backed notice-distribution action.
  • The data seems to be indeed circulating out there, but it may have leaked completely early in the month.

Last month, MangaDex suffered a data breach that resulted in the exfiltration of the website’s user database. The platform decided to go offline for a while and fix its security, and today, they remain in the same state. However, there’s an update that came online a couple of days ago, confirming that user data has been leaked “in the wild,” and it contains usernames, email addresses, IP addresses, and securely hashed passwords.

Users of the site who haven’t been using a VPN to mask their IP address are now running the risk of finding trouble due to them engaging in content piracy. MangaDex is a popular scanlation site, which means that it hosted and distributed content that violates the rights of the creators of manga comics, etc.

Source: MangaDex

And then there is the aspect of the leaked credentials, which are risking the security of the accounts that MangaDex users may have on other online platforms. The announcement mentions that the team behind the site is working closely with HIBP (haveibeenpwned.com) platform to add the affected emails onto the checker’s database and send out notifications of a breach.

We don’t know if this is true, and we have reached out to Troy Hunt to ask about it, so we will update this piece as soon as we have a comment. It is notable that MangaDex is taking the path of responsibility, which for a piracy site is atypical and worth of applaud.

As the announcement points out, the user database hasn’t been leaked widely yet but is instead being shared privately among certain groups of people who have ill intentions against the platform. MangaDex claims these people are quiet about their data possession, likely for unethical reasons, but they expect the situation to escalate soon.

We have checked around with the help of KELA, and we have found some posts that partly confirm these claims. First, on a popular clearnet hacking forum, there’s a post saying that the database is out there and available for purchase, but not at a price that’s worth it.

Source: KELA

On a dark web forum, though, we found a post that dates back to the start of this month, offering several links to download the database for free. We have not tested these links, and we have not confirmed the validity of the data, so we’re conveying this info with caution.

REVIEW OVERVIEW

Latest

How to Watch Washington Wizards Games Online Without Cable

The Washington Wizards have been the surprise package of the NBA season so far, exciting fans all over the world with their...

How to Watch Philadelphia 76ers vs. Boston Celtics: Live Stream, Start Time, TV Channel, Odds, Predictions

The NBA regular season continues on Wednesday evening, with the Boston Celtics hosting the Philadelphia 76ers at the world-famous TD Garden in...

How to Watch Sacramento Kings vs. Los Angeles Clippers: Live Stream, Start Time, TV Channel, Odds, Predictions

The Los Angeles Clippers will be looking to return to winning ways as they battle it out against the Sacramento Kings in...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari