Exclusive – If you have an account in Taringa, also known as “The Latin American Reddit”, details of your account may be involved in a massive Taringa Data Breach violation of leaked data access details almost all of its more than 28 million users.
Taringa is a popular social network for Latin American users who create and share thousands of publications on topics of general interest like life hackers, tutorials, recipes, reviews, and art.
Official Hacker Got Information Through LeakBase a Taringa data breach notification service that obtained a copy of the database containing information about hacked 28,722,877 accounts, including user names, email addresses, and hash passwords of Taringa users.
Also Read: 6 Million Celebrities Accounts Data Are Up For Sale On Doxagram By Instagram Hacker
Hash passwords use an aging algorithm called MD5 – considered obsolete even before 2012 – which can be easily interrupted, causing hacker access to Taringa users.
Want to know how weak MD5 is? The LeakBase team has already broken 93.79 percent (nearly 27 million) of successful hash passwords in just a few days.
LeakBase shared a dump of 4.5 million Taringa users with Official Hacker to help us verify the authenticity of the filtered database.
Using e-mail addresses on the dump, we contacted some random users of Taringa with their text passwords, who recognized the authenticity of their credentials.
The data violation occurred last month and the company warned its users through a blog post, sharing more information about the incident.
Also Read: Top 5 Easy Ways Boost Your Creativity
“It is likely that attackers have made the database contain clicks, email addresses, and encrypted passwords. No phone numbers No compromises and credentials for access to other social networks and addresses of Bitcoin folders in the Taringa! translated) says.
“At the moment there is no concrete evidence that attackers continue to have access to the Taringa code and our team continues to monitor unusual movements in our infrastructure.”
To protect its users, Taringa sends a password reset link to users as soon as they access their account with an old password.
One of the contacted users also shared a screenshot of the alert with Official Hacker, as shown earlier.
“We did a huge password reset strategy and we also increased MD5 encryption passwords for SHA256. We were also in contact with our community through our customer support team,” said Taringa’s spokesperson at Official Hacker.
Also Read: A New Gazer Backdoor Is Targeting Ministries and Embassies Around The World
Filtered database analysis Of Taringa data breach
Below we have a brief analysis of the filtered database, which suggests that even after countless warnings, most people continue to use mortally simple passwords to safeguard more sensitive data.
As can be seen in the picture below, the team has been able to decipher LeakBase 28.722.877 26.939.351 passwords with the MD5 algorithm, which have been more than 15 million unique passwords.
The vast majority of cracked passwords were alpha and alpha and did not contain special characters or symbols.
Below we list the most popular commands/passwords chosen by users of Taringa also includes passwords worse 123456789, 123456, 1234567890, 000000, 12345 and 12345678.
The wider length of the password was six characters, followed closely by eight characters, nine and ten characters. In anticipation, rates drop drastically as you go further.
Also Read: 9 Most Powerful Tips To Overcome Fear of Public Speaking
In addition to cracked passwords, LeakBase also examines the e-mail addresses contained in the data dump and the most common email domains are:
But are Taringa’s users totally responsible for the choice of weak passwords?
Not completely. It is also the fault of the company, which has not implemented a strong password policy for its users, which in the end has allowed them to sign with the weak password.
After data violations, organizations tend to blame end users for poor password security, but they forget to provide one.
So far, it’s not clear who is behind the attack Taringa data breach, nor how aggressors could violate their servers.
Meanwhile, in another news, we reported an unknown hacker who sold personal information on more than 6 million high profile Instagram accounts on an online website, Doxagram, after the hacker violated the shared photo service of Facebook using a bug in its API.
Also Read: Over 700 Million Email Addresses Exposed From SpamBot Server
Help protect you from Taringa Data Breach
Of course, if you are one of those potentially affected users, it is advisable to immediately change your passwords.
Also, change the passwords of other online accounts for which you use the same password for the Taringa account.
Even if a website allows you to create an account with a weak password, you always have to choose a complex password. Use a good password manager if you find the following difficult practices.
Also, avoid clicking any suspect or attachment link you received through an email and provide your personal or financial information without properly verifying the source.