manga04_jpg login_tab_left_jpg
Username:   Password:    Forgot Password?
App
Try out our new iPhone application!
App
Manga Poll
Your favorite series has been going for a while now. You...
Want it to continue forever
Want it to end before it turns worse
Want the author to stop to start a completely new series
Want a spin-off story of it
 
See Old Polls

Manga is the Japanese equivalent of comics
with a unique style and following. Join the revolution! Read some manga today!

Coded in ConTEXT

Join #baka-updates @irc.irchighway.net

RSS Feed
 
center_left_tab News center_right_tab
News Article
Mangatraders Hacked, and How it Affects MU
As some of you may already know, Mangatraders was hacked and a bunch of usernames, emails, and passwords (apparently in unsalted MD5) was released onto the Internet. Rest assured, it does not appear MangaUpdates has been hacked. However, a significant number of emails in the list from MangaTraders match user accounts on MangaUpdates. If you had an account on MangaTraders, it is advised that you change your account here.

- Manick and lambchopsil
Posted by lambchopsil on June 10th 7:54am Comments ( 81 )  [ View ]  [ Add ]
Comments

» deadphoenix on June 10th, 2014, 1:16am

Is it possible to change the user name?

thread

» amaru007 on June 10th, 2014, 1:24am

Yoinks!
Time to change every password I can remember...
If I haven't done it already from whatever the last fiasco was

thread

» deadphoenix on June 10th, 2014, 2:08am

Quote from amaru007
Yoinks!
Time to change every password I can remember...
If I haven't done it already from whatever the last fiasco was


The issue is I can't remember my password on MT any more, however it seems I didn't use my MT password somewhere else. So I'm save, however where to download manga now... A lot of groups don't give a download option sad and I prefer to read with my picture viewer (except for scroll manwha).

thread

» lambchopsil on June 10th, 2014, 1:26am

Quote from chomio
Is it possible to change the user name?

You must pm or email me your request

thread

» Truzero on June 10th, 2014, 1:33am

Oh, could you answer the question I just asked?

thread

» firestalker on June 10th, 2014, 5:31am

He meant you have to email or pm in order to change it... there is no option for you to do it yourself.

thread

» Truzero on June 10th, 2014, 1:32am

Were users required to add an e-mail address to an account on MT, or was that an optional thing like on Reddit? Same question for this website.

thread

» lambchopsil on June 10th, 2014, 1:43am

Quote from Truzero
Were users required to add an e-mail address to an account on MT, or was that an optional thing like on Reddit? Same question for this website.

I don't know about MT since I don't have an account there, but MU requires an email during registration, and the new account is inaccessible until the email is verified/confirmed.

thread

» GuttedGnome on June 10th, 2014, 1:39am

Wait wait wait! Press all the buttons and pull in all levers to stop this machine! Unsalted MD5? Seriously? What were they thinking! Even if every person on this planet facepalmed it would still not be enough faces to palm for this stupidity. *sigh*

Anyways, luckily I had a different password for mangatraders but... -_____-

thread

» barbapapa on June 10th, 2014, 3:14am

all fine and dandy but this site isn't letting my change my password, I enter all the information correctly but then it says I need to put the same email address in twice WHICH I AM DOING

thread

» NightSwan on June 10th, 2014, 4:37am

You don't need to fill the email box if you only want to change your password.

thread

» barbapapa on June 10th, 2014, 8:56am

apparently that wasn't working, but it's all set now

thread

» fujima on June 10th, 2014, 4:23am

Hope they to fix it sad mangatrader is one of the only surviving reliable source for old and new manga downloading GOOD LUCK

thread

» Knightzomegaz on June 10th, 2014, 4:39am

Lol, I didn't know what mangatrader is,
I Google it ^^

Or more like, I don't know that site

thread

» sakura_petals on June 10th, 2014, 4:46am

MU I gather equals manga university?

thread

» forgottenone666 on June 10th, 2014, 4:55am

Quote from sakura_petals
MU I gather equals manga university?


It means mangaupdates.

thread

» Shibiusa on June 10th, 2014, 7:48am

I believe it's unecessary to change everything here. Only the password if that was shared. My e-mail here and there is the same, but not the password. I won't change a thing. My MangaTraders password is an old one I don't use for years now, so no worries.

thread

» Bernchan on June 10th, 2014, 9:18am

>Mangatraders was hacked and a bunch of usernames, emails, and passwords (apparently in unsalted MD5) was released onto the Internet
>unsalted MD5
Just wow.. roll eyes
Spoiler (mouse over to view)
and i thought those ebay guys were incompetent..

thread

» Hanae on June 10th, 2014, 9:39am

Whoops... I have an account there I haven't used for years, I have no idea what e-mail I used with it and what the password was...

thread

» kainord on June 10th, 2014, 10:20am

Ok, i just want to ask because i don't understand it. Even if they hacked MT and got mail and passwords and so for example from me, how could they harm me? How could they find out where to use my info that they have from MT?

thread

» lambchopsil on June 10th, 2014, 10:34am

Quote from kainord
Ok, i just want to ask because i don't understand it. Even if they hacked MT and got mail and passwords and so for example from me, how could they harm me? How could they find out where to use my info that they have from MT?

First, they can easily crack unsalted MD5 passwords. If that email/password combination was used on any other site, they could log into that site as you and try to do any number of things, including social engineering attacks. An end goal would be to get into the email account itself, which could cause huge amounts of problems.

thread

» Zuan on June 10th, 2014, 10:24am

I found the first portion of the list of emails/passwords that was leaked... mine was on there... sob...

thread

» Truzero on June 10th, 2014, 11:38am

Where can we find this list?

thread

» chueisha on June 10th, 2014, 4:16pm

Google the list. There is a 4chan archive somewhere that links to a partial list. If your pw is not on it you're still not safe though, so definitely change.

Thank goodness I made an account on MT when I was 14 so the pw is no longer used anywhere else. Saw my old email and pw though cry

thread

» kainord on June 10th, 2014, 10:40am

Ok, but how to they know what site to try? How could they trace back the sites that i use? I don't have a clue on technical stuff. And what if they got my email account?

thread

» Kemm on June 10th, 2014, 11:51am

Were these guys
http://leak.sx/thread-293445

the ones responsible?

I had already changed most of my passwords prior to this, but doing it once again doesn't do harm.

And yes, I tried. It's unsalted MD5 (I checked with my PW there). Weird enough their own PW (which appears at least 3 times), it's not.

thread

» sakura_petals on June 10th, 2014, 4:33pm

I have an account on MU, but not account at mangatraders, am I safe?

Thank you.

thread

» chueisha on June 10th, 2014, 4:34pm

Quote from sakura_petals
I have an account on MU, but not account at mangatraders, am I safe?

Thank you.


MU wasn't hacked. MT was. I guess you're safe.

thread

» sakura_petals on June 10th, 2014, 6:09pm

Thank you smile

thread

» HikaruYami on June 10th, 2014, 4:48pm

Unsalted MD5?! Oh my fucking god, how incompetent can they be??

lambchopsil, from the way you said that, it's obvious that the passwords here are at least salted, but now I just have to check, you guys aren't using MD5, right? I hope you're using at *least* SHA-1.... SHA-256 or so is preferred....

thread

» chueisha on June 10th, 2014, 5:15pm

Since the list isn't and shouldn't be posted, here's a pretty nifty tool credits to Nuck from reddit: http://anipasscheck.herokuapp.com/

Put in your email and check.

thread

» alidan on June 10th, 2014, 5:17pm

well, how do you read an md5?
i downloaded an i assume full list because it has 905000~ accounts, and i see my email there

not going to bother changeing passwords because i just dont care, everything of importance uses its own set of passwords, and everything that i consider throwaway uses a different, but i want to see if i can get my own password from it so i know which of the throw away ones is compromised.

thread

» Pionfou on June 10th, 2014, 7:27pm

I have an account but don't know which e-mail (likely dead) or password I used. I guess I should go change the password on some sites that use the throwaway password including this one.

Why do I feel oddly conflicted about throwaway passwords... almost like a large portion of my life was spent on those sites.

thread

» on June 10th, 2014, 7:32pm

At least you can access your MU account. I had to make another (hopefully temporary) one because after changing the password it's asking me to verify my e-mail account via a non-existent e-mail. If I try to get the site to reset the e-mail to try and get another one sent it says the account doesn't exist -_-

thread

» chueisha on June 10th, 2014, 7:59pm

That's weird. I changed my pw just now and it didn't ask for my verification. Have you contacted one of the admins?

thread

» lambchopsil on June 10th, 2014, 8:58pm

Quote from chueisha
That's weird. I changed my pw just now and it didn't ask for my verification. Have you contacted one of the admins?

He tried to change his email at the same time as his password, and the email he input wasn't actually a correct email address, so he locked himself out of his own account

thread

» Daemonblue on June 10th, 2014, 9:15pm

Thank you oh so very much. I see now, I filled in the e-mail thinking I had to type it in as well for the password change -_-

thread

» HikaruYami on June 11th, 2014, 8:43am

Quote
well, how do you read an md5?


There are MD5 lookup tables online at this point.... It was *designed* as a cryptographic hash function, but there are obscure mathematical ways of breaking it now. It's not incredibly fast to do so yet, but so many have been done already and if someone really wanted your password, they could reverse-engineer either it or one that hashes to the same thing under unsalted MD5.

thread

» Il Palazzo-sama on June 18th, 2014, 5:48am

Quote from HikaruYami
It's not incredibly fast to do so yet

The current method seems fast enough to be practical. (see Wikipedia)

thread

» Bakkou on June 10th, 2014, 10:11pm

Oh wow, I didn't even realise MT got hacked, after some googling I found the list and behold, my account and trusty old password was there. Now a mass password change begins.

thread

» PansyWansyLinsy on June 10th, 2014, 11:37pm

I'm so freakin' angry about this and even more angry at MT. I've been using MT as long as I've been using MU, if not longer. I had a pretty simple password that I used on MT that I've used on many, many other sites that I frequent for leisure (forums, manga websites etc.). Of course, I don't have the same password for important websites like email, banking, credit card etc (I have unique passwords for each of those). However, there's been plenty of other websites and forums that I've long abandoned for which I've used that same password.

Fortunately, I never updated my email for MT. The email address that I had registered for MT (which is showing up as one of those compromised) was hacked a long time ago and I've since stopped using it. I've only now just deleted it for safety's sake. I'm sooooo relieved that I never bothered updating my email info, though. After my old email got hacked, I went to my most frequented sites and updated all my email information. MT must have (thankfully) fallen through the cracks. I probably would have had an aneurysm if my current email had been the one compromised.

Ugh, consider it lesson learned. I'm not even going to use my normal email for any type of frivolous site. I've taken to registering for scanlator forums etc. with one of my throwaway emails every since the email hack.

thread

» tsuto on June 11th, 2014, 3:35am

I don't remember my Mangatraders pass, but I think the one I used there wasn't used in any other site.

thread

» cmertb on June 11th, 2014, 2:44pm

There is some thread on reddit discussing the MT issue, and there are screenshots posted there that show admin access to MU and to MAL (with the assumption that admin account passwords were gained from the MT crack since some admin used the same password here and on MT). Sorry if this has already been discussed, I spent the time changing all my passwords before I went looking for info. sad

Anyway, if it is indeed the case, what kind of mischief can we expect from that? Wouldn't it be prudent to reset the passwords for all admins and mods?

thread

» chueisha on June 11th, 2014, 4:25pm

I think MU caught onto this and already took action. Someone probably cross listed the list with one of the admins and figured out the login.

thread

» godzilla210 on June 11th, 2014, 3:25pm

I checked mine here:
https://haveibeenpwned.com/
and the site you've mentioned above.... thankfully i'm in the safe zone... I hope they'll recover soon...

thread

» Kemm on June 12th, 2014, 2:29am

http://anipasscheck.herokuapp.com/ doesn't really work (it says tham I'm safe when I've found lists with my PW there).
https://haveibeenpwned.com/ does work, though.

thread

» strixflash on June 11th, 2014, 6:29pm

Thanks for the info!

thread

» cloudsora on June 11th, 2014, 7:10pm

Didn't realize Mangatraders was this big that it would warrant a post by admins but I'm an active contributor on there. LUCKILY I have my shittiest password for that one that I only use on accounts that don't really have... anything worth stealing.

thread

» Omochi on June 11th, 2014, 7:24pm

Well that's just peachy.

I found my email on the uncracked password list and pretty much cracked it myself. It was so simple and fast to crack that it's really quite pathetic. Completely unimpressed. mad I just had to use a primary email address on that site didn't I? *sigh*

Well, time to bunker down and wait for the incoming spam wave. *puts on tin foil hat*

thread

» tart on June 11th, 2014, 9:12pm

Well to summarize what I've learned from scouring 4chan archives in the last couple hours for those interested:

- HorribleSubs admin (matt) exploited and gained access to everything (including PayPal donors information). BotoX posted the database and snowfag cracked some of the md5 hashes.
(Or in other words, someone found an exploit in the site that gave him root privileges on the webserver. He publicized that exploit elsewhere, where snowfag et al. used the database to get everyone's logins. The person who publicized the exploit/database in the first place was (at least ostensibly) acting with good intentions in mind.). Basically the hacking was done for laughs, but no money was taken.

- MT doesn't seem to be planning to come back (as the owners were trying to sell it for $10K anyway).

- Thanks to MT's staff, certain people have direct access to download servers (until June 14th I think?) and are downloading the entire library (1.6 TB) to make a new manga download site in the works (most likely just torrents)

thread

» kyashi39 on June 14th, 2014, 2:27am

Quote from tart
Thanks to MT's staff, people have direct access to download servers (until June 14th I think?) and are downloading the entire library (1.6 TB) to make a new manga download site in the works (most likely just torrents)


how? T A T;;? where can i have direct access to download servers?
i still have more to dl. since i lost my copy bec. my hdd gave up this year.

thread

» Sogno on June 11th, 2014, 9:39pm

salted passwords?

you guys need pepper with your salt.

thread

» HikaruYami on June 13th, 2014, 1:17pm

It's a salted hash, not a salted password.

Anyway, a salted hash just means a randomly-generated string was appended (or prepended) to your password before the hash function was computed on it. This salt (the randomly-generated string) is stored in plaintext on the server with the hash, so the hash can be recomputed later. This means that salting passwords doesn't grant additional protection when you're only trying to break one password, but it does grant protection from someone trying to just decrypt everyone's passwords all at once.

A peppered hash means that a randomly-generated string (this time called a pepper) is used as an encryption key for an underlying encryption function within the hash function. Fast hash functions like the SHA family or MD5 don't use underlying encryption functions that can be peppered, so this notion has mostly lost its place in the literature. But my point here is that it was impossible to pepper the hashes on MT because they were using MD5.

thread

» npcomplete on June 12th, 2014, 3:54am

Since there are pics from the reddit thread showing someone gaining admin access here, do they have access to the password db?

thread

» tgirl on June 13th, 2014, 12:00am

Checked the havebeenpwned and yep, my e-mail was definitely in MT's database. I haven't even used MT for years so I don't even remember what password I used back then.

I have changed my passwords for most of the sites I used, anyways. To be on the safe side.

thread

» weronique on June 13th, 2014, 12:22pm

Does anybody have any further information about them? When will they be back? Will they be back? none

thread

» kyashi39 on June 14th, 2014, 2:34am

Quote from weronique
Does anybody have any further information about them? When will they be back? Will they be back? none


i tried tweeting to their tweeter account... there's still no new update from them.

i don't know where the rumor came from that they'll never be back, or/and they're selling it for 10k dollars. all i know is they're still 404 - error or...

"The site is currently under going maintenance or repair, please check back in later.

Early on June 09th 2014 EDT we discovered that someone had gained unauthorized access to our web server. All the contents of our database were downloaded and released to the internet. This data included private user information such as email addresses and obscured passwords for all registered users. Anyone that used the same password for MT as for any other online services should change their passwords as soon as possible. Your online accounts could be compromised if malicious users reverse engineer your MT password from this data dump and log into your other accounts.

The site will remain offline until we can implement a more robust system for maintaining password integrity at which time all users will be required to change their passwords. We believe the attacker gained access to the site's database through the forums so they will remain offline indefinitely while we investigate possible alternatives.

We deeply apologize for this incident and all the inconvenience it has caused and hope to move past it and come back safer and more secure than ever. It has been a trying few weeks for Mangatraders but we've weathered storms in the past and we'll weather this one as well."

thread

» kyashi39 on June 14th, 2014, 2:35am

i found it... i mean the http://pastebin.com/fzgRhdYd where IRC talk about 10k dollars, and MT going down permanently. i still wish this is not true.

thread

» weronique on June 14th, 2014, 9:05am

Quote from kyashi39
i found it... i mean the http://pastebin.com/fzgRhdYd where IRC talk about 10k dollars, and MT going down permanently. i still wish this is not true.


Thanks for finding this out... man this sucks... it's getting more and more complicated to read manga, I always used mangatraders and this place and now MT is gone and we can't get scanlation group's sites here anymore... :/

thread

» betmen on June 14th, 2014, 1:40am

this is suck, mangatraders is the best site to download manga.

thread

» HanaTenshiHimeko on June 14th, 2014, 2:04am

Well, I'm mad. I didn't get a chance to save my digital files before MT went down. And I tried changing my pw on MU the other day, but it seem like it didn't work. Oh well, there's nothing to steal from my MU account anyway, unless they want to see my lists of what I've been reading.

thread

» guy12 on June 14th, 2014, 10:05am

So for me it seems that for a few guys' "look what I can do" Stuart moment we're losing one of the best and most valuable manga sites ever. Bravo! Stuart would surely be happy for getting so many similar-minded friends, guys :^)

thread

» Love Witch on June 14th, 2014, 10:19am

I'm wondering, so they published the username - password - email combination. If for other websites, I used another username, but with the same email and password, how big of a risk would this be?

I also just noticed that the MU FAQ does not include "How to change your password", but only has "How do I change my username?" and "I've lost my username or password!". I did find how to change it smile

thread

» HanaTenshiHimeko on June 14th, 2014, 11:51am

Quote from Love Witch
I'm wondering, so they published the username - password - email combination. If for other websites, I used another username, but with the same email and password, how big of a risk would this be?

I also just noticed that the MU FAQ does not include "How to change your password", but only h ...


LoveWitch, I suggest you change your pw anyway. That Leak site posted up the email addresses and mine was up there.

thread

» lambchopsil on June 14th, 2014, 11:27pm

Quote from Love Witch
I also just noticed that the MU FAQ does not include "How to change your password", but only has "How do I change my username?" and "I've lost my username or password!". I did find how to change it smile

Edit Profile functionality via the User CP

thread

» Gradonil_Ral on June 15th, 2014, 3:46am

Damn. That's the first time my email has been included in a data leak none

Thankfully, I've been using LastPass since last year and all of my passwords are now random unique alphanumeric, case sensitive strings (with special characters), at least 18 characters long.

thread

» ZettaiFujoshi on June 15th, 2014, 4:19am

First time my email has been included in a data leak too. Luckily, the password I used on MT was an easy one that I don't use anywhere else. But I still changed all my passwords just to be on the safe side since the email was my primary email. (I've since changed my primary emails on various important sites to a new one).

I think everyone should change their passwords on other sites, even if you think you're safe. Well, despite all the trouble this has caused me, I'm now making randomly generated passwords a habit. and to not use my primary email to sign up. eyes

thread

» BThundr on June 16th, 2014, 11:57pm

Hi all,

I'm sorry if this has been asked already but I just wanted some clarification regarding the Mangatraders hacking incident.

I went on google and searched for the "lists" that show who is effected by this incident and I found my email amongst the many others that are effected in the list. Therefore, I was just wondering what we (the people who had accounts with Mangatraders) should be doing to stop the many potential problems that could come from this data leak?

thread

» strixflash on June 17th, 2014, 4:31am

Quote from BThundr
Hi all,

I'm sorry if this has been asked already but I just wanted some clarification regarding the Mangatraders hacking incident.

I went on google and searched for the "lists" that show who is effected by this incident and I found my email amongst the many others that are effected in the ...

Change your password on other sites if you are using the same password as that of MT.

thread

» Anima on June 17th, 2014, 4:38am

I didn't know mangatraders was still alive after all these years...

thread

» emer on June 22nd, 2014, 12:34am

Well, I don't really know all too well how your security is here, but someone got in:
http://archive.foolz.us/a/thread/108583122/#q108587625

thread

» lambchopsil on June 22nd, 2014, 8:13am

Quote from emer
Well, I don't really know all too well how your security is here, but someone got in:
http://archive.foolz.us/a/thread/108583122/#q108587625

Old news

thread

» eirini_kl on June 26th, 2014, 1:19pm

Seems like the site is completely down now, not even the message from the Mangatraders staff is displayed anymore (instead it says 'webpage not available'). I was afraid this might happen and frankly I'm not very hopeful the site will ever function again, but I hope the admins will find some other way to make their archive available again...Has anyone else got any new information on the subject?

thread

» Truzero on July 1st, 2014, 12:04am

I don't think it's gone for good. I'm sure they are just reworking some stuff. Fingers crossed.

thread

» Great on July 1st, 2014, 11:24pm

100% down.....
http://www.mangaupdates.com/showtopic.php?tid=46806&h l=mangatrader
Still hoping there could be next legacy....
a successor at least.

thread

» Corpse69 on July 8th, 2014, 8:17pm

i really hope so too i need an alternative to manga traders anyone got any? i hope a clone of MT pops up otherwise we are up shit creek

thread

» ShizukaSana on July 9th, 2014, 12:42pm

I guess that those who donate should be more worried. For example I just download there. And looks great on my phone, but that's all I did there xD

I hope that they come out again or another one like them sad

thread

» toshirodragon on July 9th, 2014, 2:03pm

I discovered a stop gap of a sorts to the loss of Manga Traders. By downloading the ripper Manga Crazy, I can take old chapters off of Batoto. It's actually as fast as downloading a zip.

The down side is sometimes the files are named very generically ie IMG 10 and such, but it's been useful for getting several chapters of mangas that have gone through several scanlators.

thread

» Dass Jennir on July 11th, 2014, 1:27pm

where did you find this program?

thread

» Cooper on July 15th, 2014, 11:41am

Oh boy, I'm afraid for the bright future of manga pirating. Back in the day there were so many great (or not so great) sites to pirate manga from. But nowadays it seems like the only ones left untouched are fckng online readers. Almost all others are dead due to financial problems, lack of will to go on, bending over to evil publishers or some other sht.

On topic: Got pwned as well cry It's gonna be a real pain to change it in all those non-personal sites. Not sure if it's worth the bother though.

thread

» animeaddict1068 on July 24th, 2014, 4:28am

Oh My... I kept wondering why I can't open the site... *cries in a corner*

thread

Manga Search
MANGA Fu
MEMBERS
TEAM-BU


footer