Over 28 million records linked to Taringa, a Reddit-like social networking website popular in Latin America, have reportedly been stolen by hackers in a massive data breach.
A data breach notification service called ‘LeakBase’ obtained a copy of the database containing details of 28,722,877 accounts, which includes login details, usernames, email addresses and hashed passwords of Taringa users.
The hashed passwords were reportedly encrypted with MD5, an age-old security algorithm that can easily be cracked. The technology is considered to be so weak that LeakBase itself has managed to access 93.79 percent (nearly 27 million) of Taringa passwords successfully within just a few days. LeakBase is a data breach notification service which charges its customers for the ability to check if their details are included in hacked databases.
Based on email addresses revealed in the leak, The Hackers News, who first echoed this news has contacted some random users of the Taringa, who confirmed the authenticity of the leaked database.
In a more detailed analysis of the leaked credentials, the LeakBase researchers claimed the most used passwords are not only weak but also very common. The top email domains included Hotmail, Gmail, and Yahoo.
The data breach reportedly occurred last month, and the company then alerted its users via a blog post, sharing more information about the incident.
“We suffered an external attack that compromised the security of our databases and the code of Taringa. It is likely that the attackers have made the database containing email addresses and encrypted passwords. No phone numbers and access credentials from other social networks have been compromised as well as addresses of Bitcoin wallets from the Taringa program Creators.” the post says.
It also said there was no concrete evidence that the hackers still had access to the Taringa code. The identity of the hacker, or hackers, remains unknown. “Be wary of any communication that seems to come from Taringa,” it told the community.