Over 20 million Mangatoon users had their data stolen by the threat actors dubbed ‘pompompurin’ from a vulnerable Elasticsearch server in May.
Over 20 million Mangatoon users had their data stolen by the threat actors dubbed ‘pompompurin’ from a vulnerable Elasticsearch server.
Mangatoon is an app for reading comics and manga on mobile phones.
The popular breach checking service Have I Been Pwned (HIBP) added 23 million Mangatoon accounts to their platform this week.
Mangatoon users can now search for their email address on the HIBP database and check if their account is part of the breach.
Users' names, genders, email addresses, social media account identities, social media login auth tokens, and salted MD5 password hashes have been compromised as a result of the attack, according to Have I Been Pwned, which has already added the stolen accounts to its platform. Attacker pompompurin noted that the attack had been successful due to the weak credentials of the Elasticsearch server that stored the data.
“The data breach was performed by a well-known hacker named ‘pompompurin,’ who said they stole the database from an Elasticsearch server using weak credentials,” reports BleepingComputer.
“It was ES, they had credentials on it but it was just "password", they changed the credentials after I emailed telling them but they never notified their customers and never replied."
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.
You may be interested in reading: How to Survive the COVID Time Cyber Security Threats?