Thanks for the info!
Last edited by strixflash at 6:36 pm, Jun 11 2014
________________
Manga Poll
Manga is the Japanese equivalent of comics
with a unique style and following. Join the revolution! Read some manga today!
Join #baka-updates @irc.irchighway.net
RSS Feed
Mangatraders Hacked, and How it Affects MU
From User
Message Body
Post #644418
Noblesse Forever!
Member
6:29 pm, Jun 11 2014
Posts: 1067
Didn't realize Mangatraders was this big that it would warrant a post by admins but I'm an active contributor on there. LUCKILY I have my shittiest password for that one that I only use on accounts that don't really have... anything worth stealing.
________________
Currently Reading: Gave up counting after 100 Manga...
Currently Watching: everything
________________
Currently Reading: Gave up counting after 100 Manga...
Currently Watching: everything
Member
7:24 pm, Jun 11 2014
Posts: 8
Well that's just peachy.
I found my email on the uncracked password list and pretty much cracked it myself. It was so simple and fast to crack that it's really quite pathetic. Completely unimpressed. I just had to use a primary email address on that site didn't I? *sigh*
Well, time to bunker down and wait for the incoming spam wave. *puts on tin foil hat*
I found my email on the uncracked password list and pretty much cracked it myself. It was so simple and fast to crack that it's really quite pathetic. Completely unimpressed. I just had to use a primary email address on that site didn't I? *sigh*
Well, time to bunker down and wait for the incoming spam wave. *puts on tin foil hat*
Member
9:12 pm, Jun 11 2014
Posts: 302
9:12 pm, Jun 11 2014
Posts: 302
Well to summarize what I've learned from scouring 4chan archives in the last couple hours for those interested:
- HorribleSubs admin (matt) exploited and gained access to everything (including PayPal donors information). BotoX posted the database and snowfag cracked some of the md5 hashes.
(Or in other words, someone found an exploit in the site that gave him root privileges on the webserver. He publicized that exploit elsewhere, where snowfag et al. used the database to get everyone's logins. The person who publicized the exploit/database in the first place was (at least ostensibly) acting with good intentions in mind.). Basically the hacking was done for laughs, but no money was taken.
- MT doesn't seem to be planning to come back (as the owners were trying to sell it for $10K anyway).
- Thanks to MT's staff, certain people have direct access to download servers (until June 14th I think?) and are downloading the entire library (1.6 TB) to make a new manga download site in the works (most likely just torrents)
Last edited by tart at 12:48 pm, Jun 14 2014
- HorribleSubs admin (matt) exploited and gained access to everything (including PayPal donors information). BotoX posted the database and snowfag cracked some of the md5 hashes.
(Or in other words, someone found an exploit in the site that gave him root privileges on the webserver. He publicized that exploit elsewhere, where snowfag et al. used the database to get everyone's logins. The person who publicized the exploit/database in the first place was (at least ostensibly) acting with good intentions in mind.). Basically the hacking was done for laughs, but no money was taken.
- MT doesn't seem to be planning to come back (as the owners were trying to sell it for $10K anyway).
- Thanks to MT's staff, certain people have direct access to download servers (until June 14th I think?) and are downloading the entire library (1.6 TB) to make a new manga download site in the works (most likely just torrents)
Last edited by tart at 12:48 pm, Jun 14 2014
Member
9:39 pm, Jun 11 2014
Posts: 362
salted passwords?
you guys need pepper with your salt.
________________
WEBTOONS ヽ( ★ω★)ノ
you guys need pepper with your salt.
________________
WEBTOONS ヽ( ★ω★)ノ
http://anipasscheck.herokuapp.com/ doesn't really work (it says tham I'm safe when I've found lists with my PW there).
https://haveibeenpwned.com/ does work, though.
https://haveibeenpwned.com/ does work, though.
Post #644446
Member
3:54 am, Jun 12 2014
Posts: 3
3:54 am, Jun 12 2014
Posts: 3
Since there are pics from the reddit thread showing someone gaining admin access here, do they have access to the password db?
hoo ha
Member
12:00 am, Jun 13 2014
Posts: 247
Checked the havebeenpwned and yep, my e-mail was definitely in MT's database. I haven't even used MT for years so I don't even remember what password I used back then.
I have changed my passwords for most of the sites I used, anyways. To be on the safe side.
________________
- Looking for memory related manga/manhwa? -> click me
- Public webtoon list -> click me
Zero-Sum manga fix status (-super thank you, admins-) -> http://bit.ly/1mTntim
I have changed my passwords for most of the sites I used, anyways. To be on the safe side.
________________
- Looking for memory related manga/manhwa? -> click me
- Public webtoon list -> click me
Zero-Sum manga fix status (-super thank you, admins-) -> http://bit.ly/1mTntim
Does anybody have any further information about them? When will they be back? Will they be back?
________________
http://society6.com/weroni
Get my paintings and accessories ♫
________________
http://society6.com/weroni
Get my paintings and accessories ♫
Member
1:17 pm, Jun 13 2014
Posts: 378
1:17 pm, Jun 13 2014
Posts: 378
It's a salted hash, not a salted password.
Anyway, a salted hash just means a randomly-generated string was appended (or prepended) to your password before the hash function was computed on it. This salt (the randomly-generated string) is stored in plaintext on the server with the hash, so the hash can be recomputed later. This means that salting passwords doesn't grant additional protection when you're only trying to break one password, but it does grant protection from someone trying to just decrypt everyone's passwords all at once.
A peppered hash means that a randomly-generated string (this time called a pepper) is used as an encryption key for an underlying encryption function within the hash function. Fast hash functions like the SHA family or MD5 don't use underlying encryption functions that can be peppered, so this notion has mostly lost its place in the literature. But my point here is that it was impossible to pepper the hashes on MT because they were using MD5.
Anyway, a salted hash just means a randomly-generated string was appended (or prepended) to your password before the hash function was computed on it. This salt (the randomly-generated string) is stored in plaintext on the server with the hash, so the hash can be recomputed later. This means that salting passwords doesn't grant additional protection when you're only trying to break one password, but it does grant protection from someone trying to just decrypt everyone's passwords all at once.
A peppered hash means that a randomly-generated string (this time called a pepper) is used as an encryption key for an underlying encryption function within the hash function. Fast hash functions like the SHA family or MD5 don't use underlying encryption functions that can be peppered, so this notion has mostly lost its place in the literature. But my point here is that it was impossible to pepper the hashes on MT because they were using MD5.
Member
1:40 am, Jun 14 2014
Posts: 130
this is suck, mangatraders is the best site to download manga.
________________
________________
Post #644599
Member
2:04 am, Jun 14 2014
Posts: 60
2:04 am, Jun 14 2014
Posts: 60
Well, I'm mad. I didn't get a chance to save my digital files before MT went down. And I tried changing my pw on MU the other day, but it seem like it didn't work. Oh well, there's nothing to steal from my MU account anyway, unless they want to see my lists of what I've been reading.
Quote from tart
Thanks to MT's staff, people have direct access to download servers (until June 14th I think?) and are downloading the entire library (1.6 TB) to make a new manga download site in the works (most likely just torrents)
how? T A T;;? where can i have direct access to download servers?
i still have more to dl. since i lost my copy bec. my hdd gave up this year.
Quote from weronique
Does anybody have any further information about them? When will they be back? Will they be back?
i tried tweeting to their tweeter account... there's still no new update from them.
i don't know where the rumor came from that they'll never be back, or/and they're selling it for 10k dollars. all i know is they're still 404 - error or...
"The site is currently under going maintenance or repair, please check back in later.
Early on June 09th 2014 EDT we discovered that someone had gained unauthorized access to our web server. All the contents of our database were downloaded and released to the internet. This data included private user information such as email addresses and obscured passwords for all registered users. Anyone that used the same password for MT as for any other online services should change their passwords as soon as possible. Your online accounts could be compromised if malicious users reverse engineer your MT password from this data dump and log into your other accounts.
The site will remain offline until we can implement a more robust system for maintaining password integrity at which time all users will be required to change their passwords. We believe the attacker gained access to the site's database through the forums so they will remain offline indefinitely while we investigate possible alternatives.
We deeply apologize for this incident and all the inconvenience it has caused and hope to move past it and come back safer and more secure than ever. It has been a trying few weeks for Mangatraders but we've weathered storms in the past and we'll weather this one as well."
i found it... i mean the http://pastebin.com/fzgRhdYd where IRC talk about 10k dollars, and MT going down permanently. i still wish this is not true.
Last edited by kyashi39 at 3:26 am, Jun 14 2014
Last edited by kyashi39 at 3:26 am, Jun 14 2014
Search
- MANGA Fu
- News
- What's New!
- Series Stats
- Forums
- Releases
- Scanlators
- Series Info
- Mangaka
- Publishers
- Reviews
- Genres
- Categories
- FAQ
- Members
- API
- MEMBERS
- Sign Up
- TEAM-BU
- Admin CP
- About Us