Connect with us

Hi, what are you looking for?

Cyber Security

Mangatoon data breach exposes data from 23 million accounts

Comic reading platform Mangatoon has suffered a data breach that exposed information belonging to 23 million user accounts after a hacker stole it from an unsecured Elasticsearch database.

Mangatoon is also a very popular iOS and Android app used by millions of users to read online Manga comics.

This week, the data breach notification service Have I Been Pwned (HIBP) added 23 million Mangatoon accounts to their platform.

“Mangatoon had 23M accounts breached in May. The breach exposed names, email addresses, genders, social media account identities, auth tokens from social logins and salted MD5 password hashes,” tweeted the HIBP account.

The addition of the Mangatoon database comes after HIBP’s owner, Troy Hunt, attempted to contact the company about the data breach without any success.

Mangatoon users can now search for their email address on HIBP and check if their account is part of the breach.

BleepingComputer has sent multiple emails to Mangatoon regarding the data breach but has not heard back.

Stolen from an Elasticsearch database

The data breach was conducted by a well-known hacker named “pompompurin,” who said they stole the database from an Elasticsearch server that was using weak credentials.

“It was ES, they had credentials on it but it was just “password”, they changed the credentials after I emailed telling them but they never notified their customers and never replied,” pompompurin told BleepingComputer.

Folder containing the stolen Mangatoon databases
Folder containing the stolen Mangatoon databases
Source: pompompurin

pompompurin shared samples of the database with BleepingComputer, which we confirmed to be valid accounts on the Mangatoon platform.

When asked if they would publicly release or sell the database, they said they would probably leak it at some point.

pompompurin has been involved in other high-profile breaches, including sending fake cyberattack emails through the FBI’s Law Enforcement Enterprise Portal (LEEP) and stealing customer data from Robinhood.

After the RaidForums hacking forums were seized by law enforcement, pompompurin launched a similar forum called Breached.

Source: https://www.bleepingcomputer.com/news/security/mangatoon-data-breach-exposes-data-from-23-million-accounts/

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

The cyberattack that ultimately led to the breach of several U.S. officials’ email accounts was the result of a China-based threat actor accessing a...

Cyber Security

The well-known watch manufacturing company Seiko disclosed the data breach notification recently on Aug 2023, targeted by the notorious threat group BlackCat/ALPHV. BlackCat/ALPHV Group has been...

Cyber Security

Privileged users typically hold crucial positions within organizations. They usually have elevated access, authority, and permission levels in the organization’s IT systems, networks, applications,...

Cyber Security

The Colorado Department of Higher Education (CDHE) discloses a massive data breach impacting students, past students, and teachers after suffering a ransomware attack in...

Copyright © 2023 Newsworthy News | Global | Political | Local | All News | Website By: Top Search SEO