Welcome!

By registering with us, you'll be able to discuss, share and private message with other members of our community.

SignUp Now!
banner Expire 25 April 2025
adv ex on 5 january 2024
adv ex on 22 February 2024
Banner expire 20 November 2024
Kfc Club

Patrick Stash
casino
banner expire at 13 August 2024
BidenCash Shop
Rescator cvv and dump shop
Yale lodge shop
UniCvv

Neon Ghost

TRUSTED VENDOR
Staff member
Joined
Dec 3, 2020
Messages
1,780
Popular manga reader MangaDex has decided to rebuild its website after suffering a major breach which compromised its source code and potentially a customer database.

The “scanlation” site enables fans of certain titles to read them in their own language for free. However, last Wednesday it discovered an unauthorized individual had managed to gain access to an administrator account, after stealing a session token by exploiting a web vulnerability.

The site was brought back online after the MangaDex team patched the vulnerabilities they found but was forced offline again after the attacker accessed the account of one of its developers.

In the meantime, possession of that key allowed the attacker to steal and subsequently post a link to the site’s source code on a git repository. In a game of cat-and-mouse, the attacker posted messages claiming the MangaDex team had fixed two out of three key CVEs.

Instead of playing the game, the admins have decided to keep the site offline while they build a new, more secure version.

“As of writing, we have invited numerous volunteers to assist our developers with identifying the last possible CVE claimed by the attacker in the codebase. Thanks to our volunteers, we have identified a good number of potential security flaws and moved to rectify them. However, at time of writing, we have still yet to identify the last possible CVE claimed by the attacker,” they said.

“With that knowledge in mind, we were confronted with a difficult decision. If we had assumed incorrectly that the web code is now secure, we could end up being compromised again by the attacker. As a result of that, in good conscience, we could not possibly re-open the website to users presently.”

Given the staff of the site consists mainly of volunteers, it could take some time before it is back online.

“As developing and maintaining MangaDex is nobody’s actual job, it is difficult to give an accurate estimate as to when we’ll be back up and running. It should go without saying that every one of us wants it to happen as soon as safely possible,” the note continued.

“That said, if everything goes as smoothly as we dare to hope, we could be looking at a downtime of just a week or two. Or three.”

In the meantime, MangaDex warned users that they should assume their data has been compromised.
“As a user, we will encourage that you would assume that your data has been breached, and take precautions immediately, such as changing the passwords of any accounts that might share the same password as your MangaDex account,” it said. “As a generally good security practice, password managers are highly recommended to keep your online identity secure.”
 
Top Bottom