MangaDex Hacked- Site Goes Offline until Further Notice


Widely used manga reader MangaDex has announced that it is going offline after a malicious threat actor gained unauthorized access to its developer and administrator accounts on March 17th, 2021.

The hacker sent warning emails to the site's users. User data may also have been compromised in the security breach, the site operator revealed.


Potential Security Flaws Identified


The company stated that it had invited volunteers to help its developers detect the ‘last possible CVE claimed by the attacker in the codebase.’ Eventually, they identified several potential security flaws and are now working on fixing them.




However, it still has to identify the last possible CVE that the attacker claimed. Reportedly, the attacker gained access to the site’s admin account by reusing a session token discovered in an old database leak. Further investigation, however, revealed additional problems on the site.
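Reusing a session token from a database leak only works if the dump contains tokens that the site still accepts. As an added example (not MangaDex's code; the in-memory table, the `SessionStore` name and the 24-hour lifetime are assumptions), this Python session store keeps only a SHA-256 digest of each token, enforces an absolute expiry and supports bulk revocation after a suspected leak:

```python
import hashlib
import secrets
import time

SESSION_TTL = 24 * 3600  # assumed absolute session lifetime, in seconds


class SessionStore:
    """Server-side session table that never holds a usable token."""

    def __init__(self):
        # Stand-in for a database table: sha256(token) -> (user, expires_at)
        self.rows = {}

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 random bits, given to the client only
        self.rows[self._digest(token)] = (user, now + SESSION_TTL)
        return token

    def validate(self, token, now=None):
        """Return the session's user, or None if unknown or expired."""
        now = time.time() if now is None else now
        digest = self._digest(token)
        row = self.rows.get(digest)
        if row is None:
            return None
        user, expires_at = row
        if now >= expires_at:
            del self.rows[digest]  # expired rows are purged on sight
            return None
        return user

    def revoke_all(self, user=None):
        """Drop one user's sessions, or every session when user is None."""
        self.rows = {d: r for d, r in self.rows.items()
                     if user is not None and r[0] != user}
```

A copy of this table holds digests rather than tokens, so presenting a leaked value fails validation, and calling `revoke_all()` after an incident invalidates anything issued before it.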



“We had incorrectly assumed that the attacker would not be able to gain further access. However, as a precaution, we had started rolling out monitoring of our infrastructure and had remained vigilant in the event the attacker returned,” MangaDex’s official statement read.





How did it happen?


Earlier on Saturday, the attacker accessed a developer account that belonged to an individual who had been offline for over four days. The website was shut down in less than a minute, and an investigation was initiated. Within ten minutes, ten users of MangaDex had received the attacker’s email that read: ...
