Mangatoon data breach exposed 23 million accounts' data

Comic reading platform Mangatoon has been hit by a data breach that exposed data belonging to 23 million user accounts after a threat actor stole it from an unsecured Elasticsearch database.

This week, the data breach notification service Have I Been Pwned (HIBP) added 23 million Mangatoon accounts to their platform:

The addition of the Mangatoon database comes after HIBP's owner, Troy Hunt, attempted to contact the company about the data breach without any success.

Mangatoon users can now search for their email address on HIBP and check if their account is part of the breach.

The data breach was conducted by a well-known hacker named "pompompurin," who said they stole the database from an Elasticsearch server that was using weak credentials.

In the same time, the misconfigured Amazon S3 bucket exposed more than 1.5 million files, including airport worker ID photos and other PII, highlighting the ongoing cloud-security challenges worldwide.