Free hosting website for manga comics MangaDex was taken down last March 20, 2021, after threat actors reportedly gained unauthorized access to its database. The hackers were able to access one administrator account, which was directly connected to a database that was housing user information.
MangaDex is a popular free manga reader and scanlation site. It allows users and readers alike to gain access to an extensive range of manga comics, while also providing scanlators with a platform to upload their work and the ability to read comics in their own language, notes Infosecurity Magazine.
According to Threat Post, the attacker in question gained access to the said administrative account via “the reuse of a session token found in an old database leak through a fault configuration of session management.”
After gaining access to one of the administrative accounts on MangaDex, the hacker took to emailing users of the free manga hosting website in an attempt to inform them about the said incident and the series of security flaws that the website suffered, reports The Daily Swig.
Following the cyberattack, the company took to their homepage to notify users and patrons about the cyberattack. In a statement, it said that the website will be taken down and will be offline “until further notice.” It is slated to provide updates and progress about its changes via its social media account on Twitter.
In addition to informing users and patrons about the incident, MangaDex also decided to migrate and move to a new hosting service to provide its followers with a safer and more secure platform to use.
According to its post, the company said they “have decided to take this opportunity to refocus and expedite our planned rewrite of the site, called v5. Contrary to our original plans, however, we will be launching his v5 as soon as the minimum essential features are ready.”
With the MangaDex website consisting of volunteers, the note said that it can be quite “difficult” to say when the site will be up and running again. It does, however, hope to be back in business by at least a week or, at the most, three weeks.
As of writing, The Daily Swig said that most of the volunteer members working on the site have since patched two out of the three existing vulnerabilities.
The company is still looking for input and help that might aid in mitigating the third and last flaw. In line with this, the manga hosting website is intending to roll out a bug bounty program in the future, reveals Threat Post.
Given the probable extent of the cyberattack, MangaDex advised users and patrons to change their passwords.