Full Report
In June 2025, MaReads, the website for readers and writers of Thai-language fiction and comics, suffered a data breach that exposed 74k records. The breach included usernames, email addresses, phone numbers and dates of birth. MaReads is aware of the breach.
Analysis Summary
# Incident Report: MaReads Data Breach (June 2025)
## Executive Summary
In June 2025, MaReads, a Thai-language fiction and comics website, suffered a data breach resulting in the exposure of approximately 74,000 user records. The compromised data included sensitive Personally Identifiable Information (PII) such as phone numbers, dates of birth, email addresses, and usernames. The specific attack vector and response actions taken by the organization were not detailed in the available information, but victims were strongly advised to update their passwords and enable MFA.
## Incident Details
- Discovery Date: July 15, 2025 (Date added to HIBP)
- Incident Date: June 2025
- Affected Organization: MaReads
- Sector: Online Publishing/Fiction Platform
- Geography: Thailand (Implied by language focus)
## Timeline of Events
### Initial Access
- Date/Time: June 2025
- Vector: Undisclosed
- Details: The available information places the breach in June 2025, when user database records were compromised.
### Lateral Movement
- *Details not available in source material.*
### Data Exfiltration/Impact
- Compromised Data: Usernames, email addresses, phone numbers, and dates of birth for approximately 74,500 accounts.
### Detection & Response
- Date/Time: July 15, 2025 (Reported publicly via HIBP)
- Response Actions: The organization is aware of the breach. Public recommendations focused on user action: changing passwords and enabling Two-Factor Authentication (2FA).
## Attack Methodology
- Initial Access: Unknown
- Persistence: Unknown
- Privilege Escalation: Unknown
- Defense Evasion: Unknown
- Credential Access: Unknown
- Discovery: Unknown
- Lateral Movement: Unknown
- Collection: User database containing PII.
- Exfiltration: Unknown
- Impact: Unauthorized exposure of 74.5k user records.
## Impact Assessment
- Financial: Not disclosed.
- Data Breach: 74.5k records compromised, including DoB, email, phone number, and username.
- Operational: Not disclosed, though customer trust is likely reduced.
- Reputational: Negative publicity associated with a data leak publicized via Have I Been Pwned.
## Indicators of Compromise
- *No specific technical IOCs (IPs, URLs, file hashes) were provided.*
- **Behavioral:** Unauthorized access and extraction of the user database.
## Response Actions
- **Containment:** Unknown.
- **Eradication:** Unknown.
- **Recovery:** Unknown, but users were instructed to change passwords and enable 2FA.
## Lessons Learned
- The exposure of dates of birth alongside other identifiers significantly increases the risk of identity theft for affected users.
- The nature of the breach suggests a vulnerability allowing access to application or database credentials, although the attack vector is undisclosed.
## Recommendations
- Immediate implementation of a robust password management policy, including mandates for strong, unique passwords across all user accounts.
- Mandatory enforcement of Two-Factor Authentication (2FA) for all user accounts to mitigate credential stuffing or password reuse attacks.
- Review and segment user databases to ensure PII (especially dates of birth and phone numbers) is stored with appropriate encryption or hashing, separating it from core authentication data.