Shueisha has reported a possible leak of user email addresses and other personal information from its recently launched RimaComi+ portal.

The site, which launched on June 25, caters to fans of shojo and josei manga, offering content from popular magazines such as Ribon, Margaret, and Bessatsu Margaret.

The leak occurred between June 25, 2024, and July 4, 2024.

Shueisha issued an official apology on July 9, 2024, detailing the incident and outlining steps to resolve the issue.

According to the statement, a system design error led to an ID identification issue on the RimaComi+ website. This potentially allowed third parties to log into some users' accounts, exposing email addresses and other personal details.

The breach reportedly impacted 157 accounts, with five of them exposing the names of credit card holders.

The compromised information extends beyond email addresses. Usernames, profile icons, browsing history, and financial details, such as the last four digits of credit cards and expiration dates, may have been viewed.

Shueisha emphasized that no unauthorized credit card use was detected.

However, a vulnerability allowed unauthorized use of paid coins in the app, which the company later fixed by issuing full refunds to affected users.

Shueisha said it has contacted all potentially affected users via email with an apology and details about the incident.

Furthermore, the publisher also revealed that it is taking steps to prevent similar occurrences. This includes increasing staff awareness of information security and implementing stricter data management protocols.

Source: Oricon