Popular iOS and Android comic book app Mangatoon, which allows users to read manga on their devices, has had information from 23 million user accounts exposed online
The breach allegedly took place in May and included “salted email addresses, gender, social media account identities, authentication tokens from social logins and MD5 password hashes” according to a tweet (opens in a new tab) from the Have I Been Pwned (HIBP) data breach news archive.
The free app, founded in 2014, operates out of Shanghai, China, and has received more than $10 million in funding since its inception, according to data from Crunchbase. (opens in a new tab).
Have I been impacted?
The instigator of the attack was apparently a hacker known as a “pompompurin”, who previously claimed responsibility for the hacking of FBI emails in 2021, where the FBI’s external email system was used to sending thousands of emails warning of a fake cyberattack.
Pompompurin also claimed responsibility for the 2021 attack on trading platform Robinhood, which was another case of large-scale identity theft.
The accomplished hacker said BeepComputer (opens in a new tab) he would likely sell the stolen data at “some time.”
Pompompurin attributed the vulnerability to an elastic search database that used weak credentials, meaning the blame can be placed on poor password hygiene, rather than software failures. antivirus or firewall.
Mangatoon users can search their email in the HIBP database to see if they have been affected, but should seek to change their passwords immediately to ensure their security.
But it’s not just Mangatoon that has been letting data fall into the hands of cybercriminals in recent months.
Nearly half – 49% – of businesses have experienced a data breach in the past two years, up 39% from the previous year, according to research from technology provider Splunk.
- Do you want to protect your organization against cyber threats? Check out our guide to the best endpoint protection