The hashing algorithm used to protect the passwords is the weak MD5 that is considered no more secure because it can be easily cracked, in fact, LeakBase researchers already cracked 93.79 percent (nearly 27 Million) of hashed passwords is a few days.
Experts at THN contacted users whom emails were included in the dump they received, they confirmed the authenticity of their credentials.
It seems that the data breach is dated back August, but the company did not publicly disclose it. The company Taringa only reported the data breach to users who logged in to the website.
In response to the data breach, Taringa is sending a password reset link via an email to its users when they access their account with an old password.
LeakBase researchers successfully cracked 26,939,351 out of 28,722,877 passwords MD5-hashed. The archive contains more than 15 Million unique passwords. Below statistics related to the Taringa data breach:
The bad news is that also, in this case, Taringa users adopted easy to guess passwords such as 123456789, 123456, 1234567890, 000000, 12345, and 12345678. Most passwords were six characters long, the circumstance suggests the Taringa platform did not force users to choose strong passwords.
The most used email services are hotmail.com and gmail.com.
Taringa users are anyway recommended to change the password as soon as possible.
Further details on the LeakBase’s analysis are available at the following link
(Security Affairs – Taringa Data Breach, cracking)