MangaDex has posted an announcement on the site informing everyone of a hacking incident that resulted in the compromise of user data. Reportedly, someone launched a DDoS attack to draw the platform's attention and defensive resources away from the main objective, which was to compromise an admin account.
The infiltrator did this by reusing a still-valid session token that had been leaked due to a faulty configuration in session management. The hacker then sent emails to ten users to inform them of the database leak, going public about it right away.
Because the site may still carry vulnerabilities and a more in-depth investigation is needed before it returns, the admins decided to keep it offline for a couple of weeks to avoid any recurring security incidents. In the meantime, because user data has been compromised as well, all members of the scanlation platform are advised to take the proper account security action. The hack took place six days ago, but it’s possible that the database hasn’t been shared with anyone yet.
If you were a registered member of MangaDex, reset your password on any other site where you use the same credentials. Scanlation platforms are considered pirate websites, so your participation in this community isn’t exactly legal, but considering that MangaDex has 75 million monthly visitors, it is unlikely that we’ll see copyright holders and manga publishers targeting individuals. Still, you should take the extra step to maintain your anonymity and privacy even when you’re merely browsing websites of this type.
When the site comes back online, it will offer only minimal, barebones functionality, such as allowing members to read, follow others, and upload content. The developers will gradually add more features after ensuring that everything is fully secured against potential abuse.
What is commendable here is that MangaDex, essentially a pirate site, is informing its userbase of a security incident relatively promptly and is being honest about the repercussions of the event. Also, the operators are not abandoning the project but are instead laying out a plan to make their platform safer and more secure. They have even announced their intention to run bug bounty programs in the near future, which is unheard of for a scanlation site.