The data breach notification website LeakBase reported to the colleagues at THN the Taringa data breach, over 28 Million users’ data exposed.
Taringa, also known as ‘The Latin American Reddit’, is a popular social network used by netizens in Latin America to create and share thousands of posts every day on general interest topics.
The data breach notification website LeakBasereported to the colleagues at THN that Taringa suffered a data breach. LeakBase has obtained a copy of the stolen database containing details on 28,722,877 accounts, including usernames, hashed passwords, and hashed passwords. LeakBase has shared a dump of 4.5 million Taringa users with the peers at The Hacker News in order to check the data.
The hashing algorithm used to protect the passwords is the weak MD5 that is considered no more secure because it can be easily cracked, in fact, LeakBase researchers already cracked 93.79 percent (nearly 27 Million) of hashed passwords is a few days.
Experts at THN contacted users whom emails were included in the dump they received, they confirmed the authenticity of their credentials.
It seems that the data breach is dated back August, but the company did not publicly disclose it. The company Taringa only reported the data breach to users who logged in to the website.
In response to the data breach, Taringa is sending a password reset link via an email to its users when they access their account with an old password.
LeakBase researchers successfully cracked 26,939,351 out of 28,722,877 passwords MD5-hashed. The archive contains more than 15 Million unique passwords. Below statistics related to the Taringa data breach:
The bad news is that also, in this case, Taringa users adopted easy to guess passwords such as 123456789, 123456, 1234567890, 000000, 12345, and 12345678. Most passwords were six characters long, the circumstance suggests the Taringa platform did not force users to choose strong passwords.
The most used email services are hotmail.com and gmail.com.
Taringa users are anyway recommended to change the password as soon as possible.
Further details on the LeakBase’s analysis are available at the following link
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.