Threat Management, Breach, Privacy, Data Security

Over 20M users impacted by Mangatoon data breach

Twenty-three million users of the comic and manga reading platform Mangatoon had their data stolen by the threat actor dubbed "pompompurin" from a vulnerable Elasticsearch server in May, reports BleepingComputer. Users' names, genders, email addresses, social media account identities, social media login auth tokens, and salted MD5 password hashes have been compromised as a result of the attack, according to Have I Been Pwned, which has already added the stolen accounts to its platform. Attacker pompompurin noted that the attack has been successful due to the weak credentials of the Elasticsearch server that stored the data. "It was ES, they had credentials on it but it was just "password," they changed the credentials after I emailed telling them but they never notified their customers and never replied," said pompompurin. Database samples provided by pompompurin have been confirmed by BleepingComputer to be legitimate Mangatoon accounts, with pompompurin saying that stolen data may be leaked in the future.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.