A hacker breached an insecure Elasticsearch database, exposing information from 23 million user accounts on the comic reading site Mangatoon. Mangatoon is an extremely popular iOS and Android app that millions of users use to read manga comics online. This week, the 23 million Mangatoon accounts were added to the data breach notification service Have I Been Pwned (HIBP).
“Mangatoon had 23M accounts breached in May. The breach exposed names, email addresses, genders, social media account identities, auth tokens from social logins and salted MD5 password hashes,” the HIBP account tweeted.
The Mangatoon database was added after HIBP’s owner, Troy Hunt, unsuccessfully tried to get in touch with the organization about the data breach. Users of Mangatoon may now look up their email address on HIBP to see whether their account was compromised. Several emails have been sent to Mangatoon regarding the data breach, but no response has been received.
The database was taken from an Elasticsearch server that was protected by weak credentials, according to a well-known hacker with the handle “pompompurin,” who claimed responsibility for the data theft. “It was ES, they had credentials on it but it was just ‘password’, they changed the credentials after I emailed telling them but they never notified their customers and never replied,” pompompurin said.
The samples of the database that pompompurin shared contain legitimate Mangatoon accounts. When asked whether they would sell or publicly distribute the data, they said they would probably leak the database at some point. pompompurin has also been linked to other high-profile hacks, including the theft of user information from Robinhood and the distribution of fake cyberattack emails via the FBI’s Law Enforcement Enterprise Portal (LEEP). After law enforcement shut down the hacker forum RaidForums, pompompurin started a similar site named Breached.