Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
Mangatoon Data Breach overview:
- Who: Twenty-three million Mangatoon users’ information was stolen in May.
- Why: A hacker was able to access users’ account information on an Elasticsearch database.
- Where: The Mangatoon data breach affects users worldwide.
A May data breach of Mangatoon, a comic reading platform, exposed account information of 23 million users of the platform. The hacker accessed the information from an unsecured Elasticsearch (a search engine) database.
News of the May breach was broken in July by the data breach notification service Have I Been Pwned (HIBP) and its owner, Troy Hunt. In the first week of July, HIBP posted the names of the 23 million affected Mangtoon to its platform. More than just account names, the breach accessed email addresses, genders, social media account identities, auth tokens from social logins and salted MD5 password hashes, according to a tweet from the HIBP account.
Mangatoon users can search for their email address on HIBP to check if their account was accessed in the breach, according to a report by BleepingComputer.
Mangatoon data breach accessed by known hacker
BleepingComputer reports that a well-known hacker named “pompompurin” made the breach by stealing the Mangatoon database from an unsecured Elasticsearch server.
“It was ES, they had credentials on it but it was just “password”, they changed the credentials after I emailed [them] telling them but they never notified their customers and never replied,” pompompurin told BleepingComputer. Mangatoon also had not replied to HIBP’s Hunt’s requests for verification and comment.
BleepingComputer verified pompompurin’s samples of the Mangatoon database as being valid accounts. Pompompurin acknowledged they would probably leak the user database “at some point,” according to BleepingComputer.
Pompompurin is known for previously stealing Robinhood customer data and sending fake cyberattack emails through the FBI’s Law Enforcement Enterprise Portal.
Are you a Mangatoon user? Your account information may have been accessed in the data breach.
Don’t Miss Out!
Check out our list of Class Action Lawsuits and Class Action Settlements you may qualify to join!
Read About More Class Action Lawsuits & Class Action Settlements:
3 thoughts onMangatoon data breach exposes data of 23M accounts
Please add me
add me please
Add me