Manga scanlation site MangaDex disclosed a data breach last week after learning that the site’s user database was privately circulating among threat actors.

MangaDex is one of the largest manga scanlation (scanned translations) sites where visitors can read manga comics online for free. 

In March, MangaDex was hacked, and a threat actor claimed to have stolen the site’s source code and its database, which they said had not been published anywhere.

After MangaDex took the site offline in response to the attack, the threat actor, known as ‘holo-gfx,’ continued to taunt the owners by claiming to have backdoored the site with further vulnerabilities and web shells.

MangaDex has since been offline while they work on releasing a newer version of their site using source code that was not compromised.

Mangadex database privately traded

Last week, MangaDex updated their website to state that their user database has been privately circulating among threat actors and that member information has been exposed.

The exposed data includes members’ user names, email addresses, last known IP addresses, and bcrypt hashed passwords.

“As of time (18 Apr 2021 2:00 PM UTC) of writing this post, we have positively identified the database leak in the wild, as we had feared would happen.”

“This means that your username, email, IP address and securely hashed passwords are now potentially public knowledge. If you have not done so yet, we strongly advise that you change your credentials on any site that you may have shared with MangaDex,” a new announcement on MangaDex warns.

After a data breach, attackers commonly sell the downloaded database in private sales with other threat actors who use the data in their own attacks, such as phishing and credential stuffing attacks.

When the data is no longer generating sales, the database is usually released on hacking forums for free as a way for threat actors to build a reputation among the hacker community.

At this time, the MangaDex database is privately being circulated and has not been publicly released.

However, using KELA’s cybersecurity intelligence engine DarkBeast, BleepingComputer has been able to find threat actors distributing what they claim is a MangaDex database from the March 2021 attack.

After analyzing the publicly shared database, the data appears to be from the data breach of the Xsplit live streaming software in 2013.

Troy Hunt, who was sent the legitimate MangaDex database and added it to HaveIBeenPwned, has told BleepingComputer that he believes the data is not widely circulated at this time.

How to check if you’re in the MangaDex breach

If you have an account at MangaDex and are concerned your information is part of the breach, you can now check on the Have I Been Pwned data breach notification site.

To do this, simply go to https://haveibeenpwned.com, enter your email address in the search field, and click on the pwned? button.

The site will check its database for your email address and list any data breaches that include your email.

If you find that your account has been exposed, it is strongly advised that you change your password at any sites that also used the same password as on MangaDex.

You should also be on the lookout for phishing emails utilizing the exposed information to gather further sensitive information, such as plain text passwords.