Until very recently, scanlation platform MangaDex was riding on the crest of a wave. Growing its audience at an impressive rate, the scan/translation site was entertaining tens of millions of manga fans per month but then a storm appeared on the horizon.
On March 17, MandaDex’s operators said they had discovered that a “malicious actor” had gained access to an administrator account by using information found in an old database leak. It was possible to identify and patch the vulnerable piece of code but then more problems raised their head.
Early March 20, an attacker gained additional access to a developer account. This was quickly noticed and shut down but the assailant still managed to email a handful of users warning of a database leak. What followed was a demand for a ransom to be paid – $10,000 in bitcoin – but MangaDex didn’t want to play that game.
After taking the decision to keep the site down, work on a new version of the site (v5) was stepped up. Users were warned that some of their data could’ve been compromised and were given advice to change any passwords on other sites that may have been duplicated on MangaDex.
MangaDex Code Appears on Github
Since then, aside from the occasional update on Twitter, the MangaDex team has remained relatively quiet. The main page of the site carrying news about the hack hasn’t been updated so, at the time of writing, it isn’t clear when a new version of the site will go live. In the background, however, the team has also been working on another matter.
On March 14, 2021, a user created a new account on Github, later creating his/her first repository titled ‘mangadex’. That has now been removed from the platform, apparently due to action by MangaDex.
This week Github published a DMCA notice relating to the hack. It is dated March 18, which suggests that for one reason or another, the coding platform has been sitting on the notice for a while. The notice is semi-redacted but the general gist is that someone acting on MangaDex’s behalf requested a takedown on copyright grounds.
“I’m a [redacted] for the website that the code originated from acting on the original owner’s behalf,” the notice reads.
“The original copyrighted work being infringed is the PHP, Javascript, and HTML templates that make up the entirety of our website. The user that created the repo claims to have attained it and the entirety of our database through a PHP RCE and is attempting to ransom us for $10,000 USD to have it taken down.”
With that, the notice sender identified four URLs – one relating to where the code was first leaked plus another three forks. Each one has now been taken down by Github, with the three forks showing a copyright notice and the original a “404” message.
A Sneak Peak of the New MangaDex Site
Whether that will be an end to the matter remains to be seen but what most MangaDex users want to know now is when the site will be back up and running. On Thursday, in an announcement on Twitter, MangaDex’s operators appeared to offer a “sneak peek” of things to come but for most users, it wasn’t really what they were hoping for.
One of our devs finally allowed us to share a sneak peek of MangaDex v5.
Check it out now! https://t.co/8JzvJNiQ1j pic.twitter.com/2vY2JZEqHa— MangaDex (@MangaDex) April 1, 2021
At the time of writing, MangaDex has not responded to our requests for comment regarding the DMCA notice or an update on progress in respect of v5. We’ll post here should that arrive.