What you need to know about the recent MangaDex data breach

Status
Not open for further replies.
thanks a lot for the email leaks, just what we needed...
reminder to never trust the MD staff and never make an account in the first place, good thing my email is unimportant but I know lots of people who are going to get spammed to oblivion with this leak.
REALLY, THANKS A LOT!
NO I'M NOT MAD AS FUCK!!!!
 
Bruh this sucks so hard to see. Not only is MangaDex a fantastic site for manga and manhwa indexing and what not, but the fact that it's been targeted so much as of recently, it's unreal!

least the honesty in being upfront regarding the situation is there.

wish all the best to the team!
 
The MangaDex staff should probably send out an email to all users informing them of the breach, if that wasn't already being planned. Not everybody is an active user, and thus not everyone who is affected may know that their password, email address, or other credentials were leaked.
 
@pip25
On the contrary, I think the hacker is an amateur. The ransom was obviously too big for a no-ads site, which would usually mean that the hacker never really wanted to negotiate and just wanted to mess MangaDex up after their terms were not fulfilled. But them spamming "HOMBREEEEEE" and their subsequent acts while logged in as an admin were too mild for that. They didn't really cause long-term damage and just served more as a pointer to one of MangaDex's security holes.
 
Session codes in DB is mostly fine and relatively normal. The risk is mostly minimal because if they have a full DB, a session code to login doesn't get them much.

The best way to do session tokens securely is to make the clients give the server a public key and key deviation function for a private key the client holds on to. But that's wildly overkill for most scenarios since it's basically recreating how SSH works just to store statefulness of a session on a manga reading site.
 
Those goddamn hackers subscribed me to a bunch of questionable hentai too! 😅

PS: lol @ backseat programmers' hot takes.
 
10k BTC or everything goes public
Fucking lul, too many zeroes there buddy

releasing v5, which is professionally written, unlike the amateur code that is v3
You paying people now?

You might want to change email to one that is not tied to your school/workplace if that was the case before, as we’re not an official site after all.
Users who signed up with their real email and commented on trap/loli hentai now on suicide watch
 
Damnit last three sites such as this one that I've used have either had Admins lose the will to continue. Or had some bore piss-ant that watched the movie Hacker too many times and is convinced it makes em super human. Dump all data ya got on em out there in the 4chan and tell em he's bringing back Boxxy.... They'll likely have the poor fool DOXed in a week and then we can all take turns mailing cat/dog poop to them.
 