Comic Reading Platform Coughs Up Personal Details Of 23M Users In Data Breach
Last year, a hacker who goes by the name “pompompurin” managed to breach a Federal Bureau of Investigation (FBI) web portal and send out thousands of hoax emails
from an official FBI email address. Just a couple weeks prior, pompompurin gained unauthorized access to the internal network of the stock trading app Robinhood and stole user data
. The hacker then posted this stolen data for sale on RaidForums with a minimum asking price of five figures.
Fast forward to this year, and US law enforcement seized the domains of RaidForums
and shut down the website. However, pompompurin quickly launched Breach Forums, a site intended to take the place of RaidForums. Even though the site hasn’t been running for long, Breach Forums has already been home to information stolen in one of the largest data breaches ever
. While pompompurin may have his hands full running Breach Forums, he hasn’t retired from hacking.
A screenshot of the stolen databases shared by pompompurin (source: BleepingComputer)
Have I Been Pwned (HIBP), a website that helps people determine whether their email addresses or phone numbers have been caught up in data breaches, recently updated its database
with information from a data breach that took place in May of this year. This breach compromised the data of over 23 million Mangatoon users. Mangatoon is a platform for reading comics, and the company has remained silent about the breach, even after HIBP made the breach publicly known. The breach exposed the following user information:
- Email addresses
- Social media identities
- Authentication tokens from social logins
- Salted MD5 hashes of passwords
While Mangatoon hasn’t acknowledged the breach, pompompurin has come forward to claim responsibility for the incident. The hacker shared samples of the data, as well as a screenshot of the folder containing all the stolen databases, with BleepingComputer. The publication was able to confirm that the data contained in the samples corresponds to valid Mangatoon accounts. Pompompurin also informed BleepingComputer that he will likely leak the stolen data at some point.