Comic reading site Mangatoon got struck by a data breach

July 13, 2022

Mangatoon, a global entertainment platform for comic reading, recently reported a data breach on its internal servers that exposed the information of more than 23 million user accounts. Reports revealed that the hackers had stolen Mangatoon’s data from an unsecured Elasticsearch server.

Millions of comic-reading fans worldwide have also installed the Mangatoon application on their iOS and Android devices.

Researchers also found that the data breach notification service Have I Been Pwned (HIBP) has added millions of the comic reading platform’s users to its site, further confirming the data compromise. According to HIBP, the attack on Mangatoon happened in May and compromised millions of users’ sensitive data, including full names, email addresses, genders, auth tokens from social accounts, social media identities, and salted MD5 password hashes.

The owner of HIBP also disclosed that they had attempted to contact the comic reading site about the data breach, but the firm did not respond.

Mangatoon users can search for their email addresses on the ‘Have I Been Pwned’ website to find out whether their information was included in the data breach. As of now, security researchers are also trying to communicate with the comic reading platform but have not yet received a reply.

Based on research into this incident, a notorious threat actor called ‘Pompompurin’ initiated the attack against Mangatoon and claimed to have harvested the firm’s database from an unsecured Elasticsearch server that used weak credentials.

Pompompurin also shared some details with the researchers, saying that the Elasticsearch server for the Mangatoon database was protected by a weak password. The threat actor emailed the comic reading platform about having access to its data, but the firm never responded.

To prove that the stolen data was legitimate, Pompompurin shared some samples with security researchers, which the experts validated as genuine. For now, the hacker said they might leak the database collected from Mangatoon in the future.

Previous reports on hacking incidents have also named Pompompurin. For instance, the threat actor once sent fake attack emails through the FBI’s LEEP, or Law Enforcement Enterprise Portal.
