MangaDex Gets Hacked
All Your Password Are Belong to Us
Notice some trouble with MangaDex recently? Apparently an old version of the site apparently has gotten into the hands of a less than friendly actor in the digital space. According to one of the developers Plykiya on the forums, a data breach has left users of the site vulnerable. An older version of the site and database is believed to be uncovered from a roughly four month old server image.
If you are concerned about the breach the main points boil down to as follows –
- Hashed passwords in the database are unlikely to be vulnerable, but users should update regardless.
- The MangaDex team has made efforts to prevent the bad actor from accessing your account through a saved session exploit.
- Your email address, last known IP Address, follows, comments, and DMs are exposed.
- Personal RSS keys for manga follows are reset. You will need a new key to continue.
At the moment the site is continuing to have server issues. A likely fallout from everyone being required to hit the database in order to log back into the site.
Remember folks, use a unique password or a password manager for your logins. A breach like this is inevitable on a site that is frequently attacked by Direct Denial of Service attacks.
[MangaDex Forum Post]