MangaGamer reports database security breach

Discussion in 'News' started by Hanners, Aug 28, 2014.

  1. Hanners

    Hanners Strawberry Sae forever

    Joined:
    Sep 30, 2004
    Messages:
    4,118
    Likes Received:
    1
  2. Acteon

    Acteon Behind you...

    Joined:
    Jun 21, 2004
    Messages:
    695
    Likes Received:
    40
    Gawd, not another one. These hackers are getting seriously out of hand. Can't we just put together a government task force and have them tracked down and shot? :/
     
  3. Martin

    Martin guitaku
    Staff Member

    Joined:
    Aug 27, 2004
    Messages:
    299
    Likes Received:
    5
    To quote that bowl of petunias: "oh no, not again."
     
  4. Necro

    Necro Grim User

    Joined:
    Jan 19, 2010
    Messages:
    1,727
    Likes Received:
    7
    Great.

    I guess there's no better time then now for that security overhaul I have been meaning to do. It's just so much effort :/
     
  5. Shadow Cat

    Shadow Cat HelloKittyIsMyWaifu

    Joined:
    Feb 21, 2013
    Messages:
    2,199
    Likes Received:
    15
    Worse when you can't remember what Password you used.

    Just home they don't get access to my MG account and use all my VN keys (or whatever they're called)
     
  6. Shadow Cat

    Shadow Cat HelloKittyIsMyWaifu

    Joined:
    Feb 21, 2013
    Messages:
    2,199
    Likes Received:
    15
    Oh wow MangaGamer, You stored all the passwords in plaintext.. That was kind of you

    Thankfully I didnt use the same username or password anywhere else.
     
  7. latro

    latro Anime Editor
    Staff Member

    Joined:
    Aug 17, 2009
    Messages:
    1,012
    Likes Received:
    2
    Helpfully their website appears to be down so I can't even get on to change the password....
     
  8. megalomaniac

    Joined:
    Mar 11, 2010
    Messages:
    1,648
    Likes Received:
    7
    How about we just slap huge fines on negligent companies that don't take data protection seriously instead. Storing passwords in plain text requires either a monumental level of stupidity or total negligence. Lax data security is like leaving your filing cabinet unlocked and out in the street, then acting surprised when someone rifles though it.
     
  9. Necro

    Necro Grim User

    Joined:
    Jan 19, 2010
    Messages:
    1,727
    Likes Received:
    7
    Well I've bothered to start using LastPass and have changed most accounts of importance to passwords I don't even know :p Luckily MangaGamer had my old email I don't have anything important linked to, but annoyingly my listed username was a current one, complete with common password and everything. I think I've gotten most things of value locked down now, though.

    Still annoying.
     
  10. demon

    demon Registered

    Joined:
    Jun 24, 2004
    Messages:
    488
    Likes Received:
    3
    There is no point changing the password until they've fixed the problem (also they'll send out a password reset email once they've fixed it).
     
  11. Shiroi Hane

    Shiroi Hane Baka Ranger

    Joined:
    Nov 9, 2004
    Messages:
    316
    Likes Received:
    0
    I started using LastPass after Heartbleed, since I couldn't remember what password I'd used on which sites that might have been affected.
     
  12. Necro

    Necro Grim User

    Joined:
    Jan 19, 2010
    Messages:
    1,727
    Likes Received:
    7
    I'm pretty impressed with it so far. Previously I have used KeePass, but stopped due to terrible browser integration. LastPass however is brilliant. Would have liked to learn a bit more about the alternatives and the security of each of them but I can't complain.
     
  13. megalomaniac

    Joined:
    Mar 11, 2010
    Messages:
    1,648
    Likes Received:
    7
    I can help with that, a quick summery:
    The problem with LastPass is you have to trust their servers to keep your passwords safe, they're a big target and they had a few issues in the past which caused me to ditch them. The other problem with them is the subscription costs for the mobile apps. If you want to use your passwords on the go then you're on the hook to pay them every year.

    You've already identified the main problem with Keepass, it sucks for ease of use.

    1Password has good integration and you don't have to trust someone else's servers. The problem with them is everything works better on Apple ptoducts, though that is slowly changing. Their apps are a one off charge.

    Outside of that they were all a bit crap last time I looked.
     
  14. Necro

    Necro Grim User

    Joined:
    Jan 19, 2010
    Messages:
    1,727
    Likes Received:
    7
    Cheers for that.

    Assuming the password vaults are stored in encrypted form (with my master being the way in) I don't have issue with it. I would like to locate a local copy of the file but their site doesn't like telling you. For the time being, not too much of a worry. As for mobile use, I don't have too much need for it, but it's not that expensive and I'm willing to pay for ease of use. I need to support more software considering my likely career path :p

    I will have a look at 1Password though, just to see if it would be better.
     
  15. Martin

    Martin guitaku
    Staff Member

    Joined:
    Aug 27, 2004
    Messages:
    299
    Likes Received:
    5
    As counter-intuitive and 'IT-illiterate old person' as it sounds, writing down your passwords on a piece of paper that's kept in your desk drawer near the PC is actually a very secure way apparently. The rationale being, "people who want to hack into your online banking, Paypal, Ebay online forum accounts" and "people who break into your house to burgle your stuff" are mutually exclusive. Physically separating your passwords from you online presence, basically.

    Of course, this doesn't address the MangaGamer issue, but if you're fed up with trying to remember your passwords and feel that using one password for everything or using a password site is putting your eggs into one basket...write the damn things down on a piece of paper!
     
  16. Shadow Cat

    Shadow Cat HelloKittyIsMyWaifu

    Joined:
    Feb 21, 2013
    Messages:
    2,199
    Likes Received:
    15
    Well.. The hacker has made a comment on the MangaGamer forums:

    And on Twitter:
     
  17. Necro

    Necro Grim User

    Joined:
    Jan 19, 2010
    Messages:
    1,727
    Likes Received:
    7
    Interesting. Another example of why vigilantism isn't the god send everyone with a social media account seems to think it is. There's a reason that the "official" way of doing things is done that way. What a ****.
     
  18. TiggsPanther

    TiggsPanther Registered

    Joined:
    Jun 8, 2013
    Messages:
    202
    Likes Received:
    0
    The method I used to use was the combination of a password scheme and a cheatsheet. Working by taking parts of the annotations to apply to a common method to generate my passwords. In my case it was based somewhat around the site name, username and date of last change.
    The drawback of this method is that you end up with an arbitrary combination of letters and number that isn't necessarily memorable. And you end up having to basically decrypt your own password each time, if your memory is as crappy as mine is.

    Currently I am using PasswordSafe, and variants thereof.
    It works by you actually having the encrypted safe file yourself. So you can do manual copies or, if you choose to, a cloud service such as DropBox or Google Drive.
    If you have an Android device, there's a part which also has a Google Drive companion app. And there are iOS and OSX versions which can use iCloud, Dropbox or (in teh case of the OSX version) just stick it in and shared folder you use other platform apps with.

    The advantage I find to this is that you have the file yourself. And if you do put it on a cloud service, they're merely hosting and syncing the file. The encryption is in the file itself, and nothing to do with any service you may be sticking it on.
     
  19. Shiroi Hane

    Shiroi Hane Baka Ranger

    Joined:
    Nov 9, 2004
    Messages:
    316
    Likes Received:
    0
    Ah, another QI viewer :)
     
  20. Martin

    Martin guitaku
    Staff Member

    Joined:
    Aug 27, 2004
    Messages:
    299
    Likes Received:
    5
    :cool:
     

Share This Page