In May 2022, the Hong Kong based Manga service Mangatoon suffered a data breach that exposed 23M subscriber records. The breach exposed names, email addresses, genders, social media account identities, auth tokens from social logins and passwords stored as salted MD5 hashes. Mangatoon did not respond to multiple attempts to make contact regarding the breach.

Bleeping Computer covers how the breach happened, it was an Elastic Search instance with the password “password”.

Troy Hunt covered in Weekly Update 303 and then again in 304:

It looks very very cover up

Troy Hunt, Weekly Update 304 13:00

Summary of the breach

Accounts breached: 23040238

Breached on: May 13, 2022

Exposed data: Auth tokens, Avatars, Email addresses, Genders, Names, Passwords, Social media profiles, and Usernames


Added on: July 06, 2022

%d bloggers like this: