fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

MangaDex Discloses Data Breach After Stolen Database Shared Online

MangaDex Discloses Data Breach After Stolen Database Shared Online

Manga scanlation site MangaDex disclosed a data breach last week after learning that the site’s user database was privately circulating among threat actors.

MangaDex is one of the largest manga scanlation (scanned translations) sites where visitors can read manga comics online for free. 

In March, 

MangaDex was hacked, and a threat actor claimed to have stolen the site’s source code and its database, which they said had not been published anywhere.

After MangaDex took the site offline in response to the attack, the threat actor, known as ‘holo-gfx,’ continued to taunt the owners by claiming to have backdoored the site with further vulnerabilities and web shells.

Threat actor taunting MangaDex
Threat actor taunting MangaDex

MangaDex has since been offline while they work on releasing a newer version of their site using source code that was not compromised.

Mangadex database privately traded

Last week, MangaDex updated their website to state that their user database has been privately circulating among threat actors and that member information has been exposed.

Also Read: The Difference Between GDPR And PDPA Under 10 Key Issues

The exposed data includes members’ user names, email addresses, last known IP addresses, and bcrypt hashed passwords.

“As of time (18 Apr 2021 2:00 PM UTC) of writing this post, we have positively identified the database leak in the wild, as we had feared would happen.”

“This means that your username, email, IP address and securely hashed passwords are now potentially public knowledge. If you have not done so yet, we strongly advise that you change your credentials on any site that you may have shared with MangaDex,” a new announcement on MangaDex warns.

After a data breach, attackers commonly sell the downloaded database in private sales with other threat actors who use the data in their own attacks, such as phishing and credential stuffing attacks.

When the data is no longer generating sales, the database is usually released on hacking forums for free as a way for threat actors to build a reputation among the hacker community.

At this time, the MangaDex database is privately being circulated and has not been publicly released.

However, using KELA’s cybersecurity intelligence engine DarkBeast, BleepingComputer has been able to find threat actors distributing what they claim is a MangaDex database from the March 2021 attack.

Alleged MangaDex database leak
Alleged MangaDex database leak

After analyzing this publicly shared database, the data appears to be from the data breach of the Xsplit live streaming software in 2013 and it not the MangaDex database.

Troy Hunt, who was sent the legitimate MangaDex database and added it to HaveIBeenPwned, has told BleepingComputer that he believes the data is not widely circulated at this time.

How to check if you’re in the MangaDex breach

If you have an account at MangaDex and are concerned your information is part of the breach, you can now check on the Have I Been Pwned data breach notification site.

To do this, simply go to https://haveibeenpwned.com, enter your email address in the search field, and click on the pwned? button.

HaveIBeenPwned

The site will check its database for your email address and list any data breaches that include your email.

If you find that your account has been exposed, it is strongly advised that you change your password at any sites that also used the same password as on MangaDex.

Also Read: PDPA Compliance Singapore: 10 Areas To Work On

You should also be on the lookout for phishing emails utilizing the exposed information to gather further sensitive information, such as plain text passwords.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us