Quote:MangaDex, the online repository of manga animation comics, will be closed until further notice following a hacking incident.
 
Last week, the site reported that a cyberattacker had gained access to an administrative account, “through the reuse of a session token found in an old database leak through faulty configuration of session management.”
 
After remediating the issue by clearing all sessions globally, the site’s builders took a look at the code that runs MangaDex, trying to patch any vulnerabilities they came across as they went along. However, while the code review was ongoing, the same adversary was then able to access one of MangaDex’s developer accounts, stealing the site’s version-three source code. The attacker’s likely motivation was to cause “maximum disruption” to the site, according to MangaDex.
 
“While the attacker gained access to information not typically visible from the context of a normal user, we have not been able to confirm a full host compromised, or an up-to-date database breach,” the site announced. “As a user, we will encourage that you would assume that your data has been breached, and take precautions immediately, such as changing the passwords of any accounts that might share the same password as your MangaDex account. As a generally good security practice, password managers are highly recommended to keep your online identity secure.”
 
The attacker also taunted the site’s operators with knowledge of security bugs in the codebase, which is the main reason that MangaDex went offline, it said.
 
“The attacker had updated the git repository containing the source-code leak, claiming that we had successfully patched two out of three possible CVEs,” according to a website notice posted on Sunday. “Without any way to confirm the claims, we assumed the worst-case scenario and kept the site down to further investigate.”