Mangagamer database compromised

[sanahtlig]

They finally answered that Ask.fm question I posed a while ago.  Looks like they've been reasonably thorough in rooting out vulnerabilities.  Doddler said they're salting the hashes also.

[Nayleen]

that's why i always check the site certificates.

Unfortunately this kind of hack would've completely circumvented any amount of security the certificate is supposed to offer.

Hate to say this, but Manga Gamer getting hacked by that moron almost seems like a good thing, since he didn't want to do any serious damage.  At least now they're getting serious about security and patching the holes in their armor.  It could've been a lot worse.

Even though that one tweet and the apologetic forum post (if either of those were the hacker, that is) sounded more like it was a hack for the lulz, apart from dumping easily crackable passwords he probably ended up doing more like a white hat hack, exposing and drawing attention to the security issues on the Mangagamer's systems.

 

It's sad that it took a breach to expose these problems, which are all common gotchas when implementing a customer-facing site, and steps to fix them are as easily fixed as following some tutorials (PHP the right way comes to mind for the PHP programming language), but it's a good thing it happened if the site was this vulnerable.

 

Feel free to relay a "Good job, Mangagamer" to them from me.

[sanahtlig]

I can't praise a guy who tried to frame MG's customers as child porn collectors as a "white hat" hacker.  What he tried to do was more vicious than any criminal ring would've attempted.  All they want is your money (or your personal info to sell for money).  His goal was nothing less than destroying MG and humiliating most of the paying VN fanbase.  What he attempted (but failed to achieve in any meaningful manner) was essentially cyberterrorism.

[Nayleen]

You're obviously right, and I didn't mean to praise him in any way over what he said or did. His claims were obviously false and the breach of Mangagamer's servers a criminal offense, obviously.

 

I'm sorry and should've worded that differently, that I'm glad no serious damage was caused and Mangagamer took the necessary steps to prevent something similar - or worse - from happening again. I just wanted to point out that he didn't cause the damage he meant to, and the website's security has been tightened as a direct consequence of the attack, making it an overall win for Mangagamer, without intending to praise the hacker or approve of his actions.