Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Security Social Networks Communications Network The Internet

Over 28 Million Records Stolen In Breach of Latin American Social Network Taringa (thehackernews.com) 16

Taringa, also known as "The Latin American Reddit," has been compromised in a massive data breach that has resulted in the leaked login credentials of almost all of its over 28 million users. The Hackers News reports: The Hacker News has been informed by LeakBase, a breach notification service, who has obtained a copy of the hacked database containing details on 28,722,877 accounts, which includes usernames, email addresses and hashed passwords for Taringa users. The hashed passwords use an ageing algorithm called MD5 -- which has been considered outdated even before 2012 -- that can easily be cracked, making Taringa users open to hackers. Wanna know how weak is MD5? LeakBase team has already cracked 93.79 percent (nearly 27 Million) of hashed passwords successfully within just a few days. The data breach reportedly occurred last month, and the company then alerted its users via a blog post: "It is likely that the attackers have made the database containing nicks, email addresses and encrypted passwords. No phone numbers and access credentials from other social networks have been compromised as well as addresses of bitcoin wallets from the Taringa program! Creators." the post (translated) says. "At the moment there is no concrete evidence that the attackers continue to have access to the Taringa code! and our team continues to monitor unusual movements in our infrastructure."
This discussion has been archived. No new comments can be posted.

Over 28 Million Records Stolen In Breach of Latin American Social Network Taringa

Comments Filter:
  • Were they all 'Los Lobos' and 'Selena'?

    Or were other records stolen?

  • by ls671 ( 1122017 )

    Does this mean they weren't using a salt value?

    Even with md5, I can't imagine that it would be that easy to crack when salting with a different salt for each password as best practices states but I have never looked into it closely so I am wondering...

    • by ls671 ( 1122017 )

      Also, from TFA:

      We've made a massive password reset strategy and also increased the encryption of the passwords from MD5 to SHA256. We've also been in contact with our community via our customer support team," a Taringa spokesperson told The Hacker News.

      Why not go with a SHA512 salt and a SHA512 hash while at it and "upgrading" security? I do not see the load on the system being raised that much because of that. Anyway, that's what I use.

      And no mention of salts anywhere in TFA.

  • by Anonymous Coward

    Thought they were all undocumented.

"All the people are so happy now, their heads are caving in. I'm glad they are a snowman with protective rubber skin" -- They Might Be Giants

Working...