MangaDex, a popular manga comics website has been temporarily shut down due to a hacker attack that impacted the website’s user database.
According to recent reports, the free manga comics website MangaDex had to be taken down until further notice by the maintainers after a currently unidentified malicious actor gained unauthorized access to one of the website’s administrator accounts.
Website maintainers of MangaDex have stated that the hacker or hackers were able to hack through one of the administrator’s accounts by utilizing the “reuse session” token left in an old database leak due to improper configuration of session management.
Subsequently, after seizing control of the administrator account, the hackers have claimed to have gained access to a database containing user data.
Since investigations are still underway, MangaDex is yet to affirm the reported data breach attack. The website says that it’s been taken down under the assumption that a data breach attack occurred.
Reportedly, the hacker sent emails to the website users that notified them of MangaDex hosting server security flaws after obtaining a foothold.
Patching MangaDex vulnerabilities:
Three vulnerabilities were seemingly detected within the website out of which two have been patched by MangaDex maintainers while research for the third vulnerability is still underway.
After detecting the data breach attack, the website was taken offline and flashed with a message for the users stating the security incident and its subsequent temporary website shutdown notice.
The message also relayed that the maintainers are “spending many hours reviewing the code for possible further vulnerabilities, and started to patch what we could find to the best of our capabilities.”
“This ran parallel to us opening the site after the breach, as we had incorrectly assumed that the attacker would not be able to gain further access.
However, as a precaution, we had started rolling out monitoring of our infrastructure and had remained vigilant in the event the attacker returned.” stated the MangaDex maintainers.”
Mitigate future risks:
In light of the recent hacking incident, MangaDex users have been recommended to change or modify their current usernames and passwords to mitigate any potential cybersecurity hazards.
MangaDex will remain non-operational until further notice until security updates have been deployed.
Maintainers of the website have also said that a bug bounty program will be launched for the site in the future.