Cyber Incident Victim: Mangatoon

In May 2022, Mangatoon, a popular comic reading platform with millions of iOS and Android users, suffered a data breach compromising approximately 23 million accounts. The breach originated from an unsecured Elasticsearch database accessed by a hacker using weak credentials. The attacker, identified as "pompompurin," stole user data including names, email addresses, genders, social media account identities, authentication tokens from social logins, and salted MD5 password hashes. The breach remained undisclosed by Mangatoon until July 9, 2022, when Have I Been Pwned (HIBP) added the dataset to its breach notification service. HIBP's owner Troy Hunt attempted to contact Mangatoon about the incident but received no response. BleepingComputer also made multiple unsuccessful attempts to obtain comments from the company. Affected users could verify their exposure through HIBP's platform, though Mangatoon provided no official communication channel for impacted individuals.

The attacker confirmed to BleepingComputer that they accessed the Elasticsearch server using the password "password," after which Mangatoon changed the credentials but failed to notify customers. Pompompurin shared validated data samples with BleepingComputer and indicated intent to leak the full database publicly. The breach occurred shortly after pompompurin launched "Breached," a replacement forum for the seized RaidForums hacking community. Mangatoon's lack of public acknowledgment or remediation guidance left users unaware of risks associated with exposed authentication tokens and weakly hashed passwords. The incident exposed systemic security failures, including inadequate credential management and unresponsive incident disclosure protocols, affecting a global user base primarily engaged through mobile applications.