Widely used manga reader MangaDex has announced that it is going offline after a threat actor gained unauthorized access to its developer and administrator accounts on March 17th, 2021.
The hacker sent warning emails to its users. The site operator also disclosed that user data may have been compromised in the breach.
Potential Security Flaws Identified
The company stated that it had invited volunteers to help its developers detect the ‘last possible CVE claimed by the attacker in the codebase.’ They identified several potential security flaws and are now working to fix them.
However, the last CVE the attacker claimed has yet to be identified. Reportedly, the attacker gained access to the site’s admin account by reusing a session token discovered in an old database leak. The further investigation revealed additional problems on the site.
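The token-reuse path described above succeeds only if a server still honours an old token verbatim. The following added example (not MangaDex code; a hypothetical in-memory session store) shows the three defences that would have voided a leaked token: storing only a hash of the token so a database leak does not yield usable sessions, expiring sessions after a TTL, and a server-side invalidation epoch that rejects every session issued before an incident.

```python
import hashlib
import secrets
import time


class SessionStore:
    """Hypothetical session store hardened against reuse of leaked tokens."""

    def __init__(self, ttl_seconds=86400):
        self.ttl = ttl_seconds
        # Only the SHA-256 of each token is stored: a dump of this table
        # does not contain anything a client could present as a session.
        self._sessions = {}  # token digest -> (user, issued_at)
        # Sessions issued before this timestamp are rejected; raised on breach.
        self.min_issued_at = 0.0

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[self._digest(token)] = (user, now)
        return token  # the raw token goes to the client only, never to disk

    def validate(self, token, now=None):
        """Return the user for a live token, or None if unknown/expired/revoked."""
        now = time.time() if now is None else now
        digest = self._digest(token)
        entry = self._sessions.get(digest)
        if entry is None:
            return None
        user, issued_at = entry
        if issued_at < self.min_issued_at or now - issued_at > self.ttl:
            self._sessions.pop(digest, None)  # purge dead session eagerly
            return None
        return user

    def invalidate_all(self, now=None):
        """Incident response: void every session issued up to now."""
        self.min_issued_at = time.time() if now is None else now
```

Calling `invalidate_all()` is the step that makes a token recovered from an older database dump worthless, regardless of how long it was valid for.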
“We had incorrectly assumed that the attacker would not be able to gain further access. However, as a precaution, we had started rolling out monitoring of our infrastructure and had remained vigilant in the event the attacker returned,” MangaDex’s official statement read.
Notice on MangaDex’s website:
How did it happen?
Earlier on Saturday, the attacker accessed a developer account belonging to an individual who had been offline for over four days. The website was shut down in under a minute and an investigation was initiated. Within ten minutes, ten MangaDex users had received an email from the attacker that read:
“MangaDex has a DB leak. I suggest you tell their staff about it.”
Two hours later, the attacker updated a Git repository containing the leaked source code. Although MangaDex patched two of the three Common Vulnerabilities and Exposures (CVEs), the site operators decided to take the site offline.
They also received a ransom demand from the attacker for 10k BTC, with the threat that the data would be made public if they refused to pay. Although there is no evidence that a data breach occurred, the site operators say they are assuming it has.
Site Closed for Undisclosed Time
According to the site operators, there is no certainty that their web code is secure now, which is why they had to take the difficult decision to take the site offline. It will remain offline until the issues are resolved.
“With that knowledge in mind, we were confronted with a difficult decision. If we had assumed incorrectly that the web code is now secure, we could end up being compromised again by the attacker. As a result of that, in good conscience, we could not possibly re-open the website to users presently.”