MangaDex, a place where people can read manga comics, has suffered a cyber attack, designed to cause disruption and is down until further notice. They have planned to rewrite full code for security and will use ethical hackers to do testing.
In the attack, bad actors gained admin account access by using old session tokens leaked earlier. Coders responded by clearing all sessions globally and doing source code review. But during that time, same bad actors accessed site’s dev account and stole latest source code. The attackers updated sites git repo claiming to have fixed 2 of 3 CVEs in site but site’s dev aren’t trusting the claims without verifying.
The full extent of attack is unknown and site advised users to change passwords of accounts that share MangaDex account password.