Shueisha has reported a possible leak of user email addresses and other personal information from its recently launched RimaComi+ portal.

The site, which launched on June 25, caters to fans of shojo and josei manga, offering content from popular magazines such as Ribon, Margaret and Bessatsu Margaret.

The leak occurred between June 25, 2024 and July 4, 2024.

Shueisha issued an official apology on July 9, 2024, detailing the incident and outlining steps to resolve the issue.

According to the statement, a system design error led to an ID identification issue on the RimaComi+ website. This allowed third parties to potentially log into some users' accounts, thereby exposing email addresses and other personal details.

The leak reportedly impacted 157 accounts, with five of them exposing the names of credit card holders.

The compromised information extends beyond email addresses. Usernames, profile icons, browsing history, and financial details such as the last four digits of credit cards and expiration dates may have been viewed.

Shueisha emphasized that no unauthorized use of credit cards was detected.

However, a vulnerability allowed unauthorized use of paid coins in the app, which the company later fixed by issuing full refunds to affected users.

Shueisha said it had contacted all potentially affected users via email with an apology and details about the incident.

Additionally, the publisher also revealed that it is taking steps to prevent similar occurrences. This includes increasing staff awareness of information security and implementing stricter data management protocols.

Source: Oricon