Due to the dangerous misconfiguration of a third-party database owner, personal data of 23 million users was exposed.

Users of Mangatoon, which is a comic reading platform and also is a very popular iOS and Android app, became victims of an intruder. Data breach concerns 23 million user accounts.

Due to the breach, email addresses, names, genders, social media account identities and some other data was exposed. The problem was at the side of a contractor, named Elasticsearch. One of its servers wasn’t protected appropriately, because weak credentials were used. This made the attack possible.

The malicious act was conducted by infamous “pompompurin”, which is known for sending of fake cyberattack emails and stealing customer data from Robinhood. 

With the permanent growth of information security incidents it’s crucial to strengthen any organization’s security perimeter. A mixture of various measures, including such basic and important issues, as complex credentials, two-factor authentication together with regular trainings to increase employees’ information security awareness will be helpful.  Also, the assistance of advanced software can help a lot.  Such software should detect weak combinations of login and password, as well as tampering or other users’ suspicious activities. The SIEM system deals with these tasks.