Millions of comic book fans have data leaked after Mangatoon breach

A blue color image of a person trying to log into a protected laptop.
(Image credit: Shutterstock/JARIRIYAWAT)

Popular iOS and Android comic book app Mangatoon, which allows users to read manga on their devices, has had information from 23 million user accounts exposed online

The breach reportedly occurred in May, and included “email addresses, genders, social media account identities, auth tokens from social logins and salted MD5 password hashes” according to a tweet from the data breach information archive Have I Been Pwned (HIBP).

The free app, founded in 2014, operates out of Shanghai, China, and has received over $10 million in funding since its inception, according to Crunchbase data.

Have I been impacted?

The instigator behind the attack was apparently a hacker known as “pompompurin", who has previously claimed responsibility for the 2021 FBI email hack, where the FBI’s external email system was used to send thousands of emails warning of fake cyberattack.

Pompompurin has also claimed responsibility for the 2021 attack on trading platform Robinhood, which was another case of large-scale ID theft.

The accomplished hacker told BleepingComputer he would likely sell the stolen data at “some point”.

Pompompurin attributed the vulnerability to an elastic search database that used weak credentials, meaning that the blame may be on poor password hygiene, rather than failures in terms of antivirus software or firewalls.

Mangatoon users can search their email on the HIBP database to see if they have been impacted, but should look to change their passwords immediately to ensure they stay safe.

But it’s not just Mangatoon that has let data fall into the hands of cybercriminals in recent months

Almost half - 49% - of companies suffered a data breach in the last two years, up 39% from the year before, if research from tech vendor Splunk is to be believed.

  • Interested in keeping your organization safe from cyberthreat? Check out our guide to the best endpoint protection 

Will McCurdy has been writing about technology for over five years. He has a wide range of specialities including cybersecurity, fintech, cryptocurrencies, blockchain, cloud computing, payments, artificial intelligence, retail technology, and venture capital investment. He has previously written for AltFi, FStech, Retail Systems, and National Technology News and is an experienced podcast and webinar host, as well as an avid long-form feature writer.