Contents:
Mangatoon is a comic book, manhua, manhwa, and manga reading app that is completely free to use. The program is very well-liked on both iOS and Android, and it is used by millions of individuals in order to view manga comics online.
What Happened?
Following the theft of user account information from an unprotected Elasticsearch database, Mangatoon suffered a data breach that resulted in the exposure of data pertaining to 23 million user accounts.
Have I Been Pwned (HIBP), a service that notifies users when a data breach occurs, has announced this week that it had added 23 million Mangatoon accounts to its platform.
New breach: Maccount angatoon had 23M accounts breached in May. The breach exposed names, email addresses, genders, social media identities, auth tokens from social logins and salted MD5 password hashes. 27% were already in @haveibeenpwned
As BleepingComputer explained, the users of Mangatoon may now search for their email address on HIBP to see whether or not their account was compromised in the recent data breach.
A notorious hacker who goes by the moniker “pompompurin” is the one who is responsible for the data breach. This hacker claimed that they grabbed the database from an Elasticsearch server that had inadequate passwords.
It was ES, they had credentials on it but it was just “password”, they changed the credentials after I emailed telling them but they never notified their customers and never replied.