The data breach notification website LeakBase reported to the colleagues at THN the Taringa data breach, over 28 Million users’ data exposed.
Taringa, also known as ‘The Latin American Reddit’, is a popular social network used by netizens in Latin America to create and share thousands of posts every day on general interest topics.
The data breach notification website LeakBase reported to the colleagues at THN that Taringa suffered a data breach. LeakBase has obtained a copy of the stolen database containing details on 28,722,877 accounts, including usernames, hashed passwords, and hashed passwords. LeakBase has shared a dump of 4.5 million Taringa users with the peers at The Hacker News in order to check the data.
The hashing algorithm used to protect the passwords is the weak MD5 that is considered no more secure because it can be easily cracked, in fact, LeakBase researchers already cracked 93.79 percent (nearly 27 Million) of hashed passwords is a few days.
Experts at THN contacted users whom emails were included in the dump they received, they confirmed the authenticity of their credentials.
It seems that the data breach is dated back August, but the company did not publicly disclose it. The company Taringa only reported the data breach to users who logged in to the website.
In response to the data breach, Taringa is sending a password reset link via an email to its users when they access their account with an old password.
LeakBase researchers successfully cracked 26,939,351 out of 28,722,877 passwords MD5-hashed. The archive contains more than 15 Million unique passwords. Below statistics related to the Taringa data breach:
The bad news is that also, in this case, Taringa users adopted easy to guess passwords such as 123456789, 123456, 1234567890, 000000, 12345, and 12345678. Most passwords were six characters long, the circumstance suggests the Taringa platform did not force users to choose strong passwords.
The most used email services are hotmail.com and gmail.com.
Taringa users are anyway recommended to change the password as soon as possible.