Mangatoon suffered a data breach that exposed information belonging to 23 million user accounts after a hacker stole it from an unsecured Elasticsearch database.
The breach exposed names, email addresses, genders, social media account identities, auth tokens from social logins and salted MD5 password hashes.
The data breach was conducted by a well-known hacker named "pompompurin".
TPRM report: https://scoringcyber.rankiteo.com/company/mangatoon
"id": "man11923722",
"linkid": "mangatoon",
"type": "Breach",
"date": "07/2022",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 23000000,
'industry': 'Entertainment',
'name': 'Mangatoon',
'type': 'Company'}],
'attack_vector': 'Unsecured Elasticsearch database',
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': 23000000,
'personally_identifiable_information': True,
'type_of_data_compromised': ['names',
'email addresses',
'genders',
'social media account identities',
'auth tokens from social logins',
'salted MD5 password hashes']},
'description': 'Mangatoon suffered a data breach that exposed information '
'belonging to 23 million user accounts after a hacker stole it '
'from an unsecured Elasticsearch database.',
'impact': {'data_compromised': ['names',
'email addresses',
'genders',
'social media account identities',
'auth tokens from social logins',
'salted MD5 password hashes']},
'threat_actor': 'pompompurin',
'title': 'Mangatoon Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Unsecured database'}