Popular iOS and Android comic book app Mangatoon, which allows users to read manga on their devices, has had information from 23 million user accounts exposed online
The breach reportedly occurred in May, and included “email addresses, genders, social media account identities, auth tokens from social logins and salted MD5 password hashes” according to a tweet from the data breach information archive Have I Been Pwned (HIBP).
The free app, founded in 2014, operates out of Shanghai, China, and has received over $10 million in funding since its inception, according to Crunchbase data.
Have I been impacted?
The instigator behind the attack was apparently a hacker known as “pompompurin”, who has previously claimed responsibility for the 2021 FBI email hack, where the FBI’s external email system was used to send thousands of emails warning of fake cyberattack.
Pompompurin has also claimed responsibility for the 2021 attack on trading platform Robinhood, which was another case of large-scale ID theft.
The accomplished hacker told BleepingComputer he would likely sell the stolen data at “some point”.
Pompompurin attributed the vulnerability to an elastic search database that used weak credentials, meaning that the blame may be on poor password hygiene, rather than failures in terms of antivirus software or firewalls.
Mangatoon users can search their email on the HIBP database to see if they have been impacted, but should look to change their passwords immediately to ensure they stay safe.
But it’s not just Mangatoon that has let data fall into the hands of cybercriminals in recent months
Almost half – 49% – of companies suffered a data breach in the last two years, up 39% from the year before, if research from tech vendor Splunk is to be believed.
Interested in keeping your organization safe from cyberthreat? Check out our guide to the best endpoint protection