Home Cyber Crime MangaDex website taken offline following cyber-attack, data breach

MangaDex website taken offline following cyber-attack, data breach

2
0



Jessica Haworth

22 March 2021 at 14:23 UTC

Up to date: 22 March 2021 at 14:45 UTC

House owners of manga fan website are rebuilding the codebase following collection of safety incidents

A website that hosts free manga comics has been taken offline after malicious hackers allegedly gained access to a database that housed user data

An internet site that hosts free manga comics has been taken offline after malicious hackers allegedly gained entry to a database that housed person information.

The MangaDex website was taken down for upkeep final week (March 20) after an unknown actor gained entry to an administrator account.

The location’s maintainers stated the attacker was capable of entry the account by means of “the reuse of a session token present in an outdated database leak by means of defective configuration of session administration”.

After taking management of the account, they declare to have accessed person information.

Though MangaDex stated its investigations had “but to verify” {that a} information breach occurred, it stated it was engaged on the idea that it did happen.

Deliberate shut down

After gaining a foothold, the attacker contacted customers through electronic mail claiming that MangaDex has a collection of safety flaws.

Maintainers, who work on the location on a voluntary foundation, patched two of three vulnerabilities however are nonetheless seeking to determine the third vulnerability with the assistance of safety researchers.

A message posted on the web site homepage reads:

After the breach, we began spending many hours reviewing the code for potential additional vulnerabilities, and began to patch what we might discover to the perfect of our capabilities.

This ran parallel to us opening the location after the breach, as we had incorrectly assumed that the attacker wouldn’t have the ability to acquire additional entry.

Nevertheless, as a precaution, we had began rolling out monitoring of our infrastructure and had remained vigilant within the occasion the attacker returned.

A message posted on the website homepage informing users of the security incidentA message posted on the web site homepage informing customers of the safety incident

Password reset

Customers have been warned that they need to change their passwords within the occasion of a possible information breach stemming from this incident.

The web site will stay offline till security measures have been up to date, earlier than a “barebones” model is made out there.

Read more of the latest database security news

Maintainers additionally stated that they are going to be launching a bug bounty program for the location sooner or later.

The Day by day Swig has reached out to MangaDex for extra details about its proposed safety updates.

YOU MAY ALSO LIKE Mimecast confirms hackers behind SolarWinds supply chain attack accessed limited amount of customer information



Source link