MangaDex has been taken offline after suffering a cyberattack where malicious hackers allegedly gained access to the database.
MangaDex is one of the largest manga scanlation sites, with over 76 million visitors per month.
After suffering a series of outages since March 17, MangaDex revealed yesterday that a threat actor had gained entry to an admin and developer account, as well as the source code to the site.
Mangadex.org reports that a threat actor gained access to the site after stealing an admin user’s session token through a website vulnerability.
“Three days ago (2021-03-17), we correctly identified and reported that a malicious actor had managed to gain access to an admin account through the reuse of a session token found in an old database leak through the faulty configuration of session management.”
"Following that event, we moved to identify the vulnerable section of code and worked to patch it up, also clearing session data globally to thwart further attempts at exploitation through the same method," MangaDex disclosed on their website.
The hacker was able to gain full access to the website using this token and download the site’s source code. Later, the attacker published the site’s source code on GitHub using the alias ‘holo-gfx’.
The attacker would taunt the site’s developers with comments when the site audited their code and fixed vulnerabilities.
“This ran parallel to us opening the site after the breach, as we had incorrectly assumed that the attacker would not be able to gain further access,” read a message posted on the website homepage.
“However, as a precaution, we had started rolling out monitoring of our infrastructure and had remained vigilant in the event the attacker returned.”
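MangaDex's statement attributes the breach to a session token from an old database leak being accepted again, and names a global session clear as the response. As an added illustration (not MangaDex's code; the class name, the one-hour lifetime and the digest scheme are assumptions), a session table that stores only token digests, enforces an absolute lifetime and can be cleared globally leaves a leaked copy of the table useless for replay:

```python
import hashlib
import secrets

SESSION_TTL = 3600  # assumed absolute session lifetime, in seconds


class SessionStore:
    """Hypothetical server-side session table that never stores a usable token."""

    def __init__(self):
        self._rows = {}  # sha256(token) -> (user, issued_at)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user, now):
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._rows[self._digest(token)] = (user, now)
        return token  # only the client ever holds this value

    def validate(self, token, now):
        key = self._digest(token)
        row = self._rows.get(key)
        if row is None:
            return None
        user, issued_at = row
        if now - issued_at > SESSION_TTL:
            del self._rows[key]  # expired: purge so it can never match again
            return None
        return user

    def revoke_all(self):
        """Global clear, the response MangaDex describes after the breach."""
        self._rows.clear()

    def leaked_rows(self):
        """What a copy of the table would expose: digests, not tokens."""
        return list(self._rows)


def demo():
    store = SessionStore()
    token = store.issue("admin", now=0)  # constructed sample session
    results = {
        "live": store.validate(token, now=10),
        "replayed_digest": store.validate(store.leaked_rows()[0], now=10),
        "expired": store.validate(token, now=SESSION_TTL + 1),
    }
    fresh = store.issue("admin", now=0)
    store.revoke_all()
    results["after_revoke_all"] = store.validate(fresh, now=1)
    return results
```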