Users on Taringa, also known as “The Latin American Reddit,” may have had their account details compromised in a huge data breach that saw the login details of almost all its 28 million users leaked.
Taringa is a popular Latin-American social network where users create and share thousands of posts every day on general interest topics like life hacks, tutorials, recipes, reviews, and art.
According to The Hacker News, breach notification service LeakBase revealed a copy of the hacked database containing details on 28,722,877 accounts, including usernames, email addresses and hashed passwords for Taringa users.
The passwords were hashed with an ageing algorithm called MD5, which was considered outdated even before 2012 and can easily be cracked, leaving Taringa users exposed to attackers.
According to LeakBase, the MD5 algorithm is extremely weak: 93.79% (nearly 27 million) of the hashed passwords were successfully cracked within just a few days.
LeakBase shared a dump of 4.5 million Taringa users with The Hacker News to help verify the authenticity of the leaked database.
Using email addresses in the dump, The Hacker News contacted several random Taringa users and showed them their plain-text passwords; the users acknowledged the authenticity of their credentials.
The data breach is said to have occurred last month, and the company then alerted its users via a blog post, sharing more information about the incident.
“It is likely that the attackers have made the database containing nicks, email addresses and encrypted passwords. No phone numbers and access credentials from other social networks have been compromised as well as addresses of bitcoin wallets from the Taringa program! Creators.” the post (translated) says.
“At the moment, there is no concrete evidence that the attackers continue to have access to the Taringa code! and our team continues to monitor unusual movements in our infrastructure.”
To protect its users, Taringa is currently emailing a password reset link to users as soon as they access their account with an old password.
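The reset-on-login step described above can be sketched as follows. This is an added example, not Taringa's code: it assumes the legacy records are bare, unsalted hex MD5 digests (the article does not say whether salts were used), and the function names, the PBKDF2 storage format and the iteration count are choices made for this illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Salted, deliberately slow hash: pbkdf2_sha256$<iters>$<salt>$<digest>."""
    salt = os.urandom(16)  # per-user random salt defeats precomputed tables
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def is_legacy_md5(stored: str) -> bool:
    """Assumed legacy format: a bare 32-character hex MD5 digest."""
    return len(stored) == 32 and all(c in "0123456789abcdef" for c in stored.lower())


def verify_login(password: str, stored: str) -> str:
    """Return 'ok', 'reset_required' or 'denied' for a login attempt."""
    if is_legacy_md5(stored):
        candidate = hashlib.md5(password.encode()).hexdigest()
        # A leaked MD5 password must not open a session: the caller emails
        # a reset link to the address on file instead.
        if hmac.compare_digest(candidate, stored.lower()):
            return "reset_required"
        return "denied"
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return "denied"
    try:
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                     bytes.fromhex(parts[2]), int(parts[1]))
    except ValueError:  # malformed salt or iteration count
        return "denied"
    match = hmac.compare_digest(digest.hex().encode(), parts[3].encode())
    return "ok" if match else "denied"


if __name__ == "__main__":
    legacy = hashlib.md5(b"constructed-sample-pw").hexdigest()  # constructed record
    print(verify_login("constructed-sample-pw", legacy))   # legacy MD5 path
    print(verify_login("new-pw", hash_password("new-pw")))  # migrated record
```

After the user completes the emailed reset, the account's stored value is replaced with the output of `hash_password`, so the MD5 digest is no longer kept anywhere.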