Privacy Ninja

Mangatoon Data Breach Exposes Data from 23 million Accounts

Comic reading platform Mangatoon has suffered a data breach that exposed information belonging to 23 million user accounts after a hacker stole it from an unsecured Elasticsearch database.

Mangatoon is also a very popular iOS and Android app used by millions of users to read online Manga comics.

This week, the data breach notification service Have I Been Pwned (HIBP) added 23 million Mangatoon accounts to their platform.

“Mangatoon had 23M accounts breached in May. The breach exposed names, email addresses, genders, social media account identities, auth tokens from social logins and salted MD5 password hashes,” tweeted the HIBP account.

The addition of the Mangatoon database comes after HIBP’s owner, Troy Hunt, attempted to contact the company about the data breach without any success.

Also Read: Advisory Guidelines on Key Concepts in the PDPA: 23 Chapters

Anyone got a security contact at @MangatoonEN? DMs are closed and apparently they haven't been responding to emails attempting to reach them.
— Troy Hunt (@troyhunt) July 4, 2022

Mangatoon users can now search for their email address on HIBP and check if their account is part of the breach.

BleepingComputer has sent multiple emails to Mangatoon regarding the data breach but has not heard back.

Stolen from an Elasticsearch database

The data breach was conducted by a well-known hacker named “pompompurin,” who said they stole the database from an Elasticsearch server that was using weak credentials.

“It was ES, they had credentials on it but it was just “password”, they changed the credentials after I emailed telling them but they never notified their customers and never replied,” pompompurin told BleepingComputer.

Also Read: Contract for Service Template: 5 Important Sections