Taringa: 28 Million Accounts exposed due to a massive breach

20 Sep 2017
No Comments

Taringa is a social network predominantly used among Latin Americans.

It has its presence among the Spanish-speaking nations, Argentina, Peru, Spain, Chile, Colombia and US latino community and it receives 75 million unique visitors every month.



Earlier this month, a data breach shook the world. Yes, we are talking about Taringa data breach.

About 28 million registered user base were compromised by the hackers. They exposed merely all record. Taringa confirmed it.

It all happened on September 4, 2017, where the attackers stole the records of 28,722877 registered users. Initially it was disclosed by LeakBase, a data breach notification website.

In addition to the above, it was inferred and confirmed from the analysis that, the database contains email addresses, usernames and passwords with a weak MD5 Hashing Algorithm.

The company used a weak MD5 (128-bit) Algorithm, rather a strong SHA (256-bit) Algorithm, which was very easy to crack.



Hash passwords were using an aging algorithm MD5 which was considered outdated before 2012 itself. It can be interrupted easily by the attackers, resulting in access to all the user details.

The LeakBase group cracked near about 93.79 % (27 million) of the disclosed passwords by exploiting the threats in the MD5 Hashing Algorithm in a couple of days.


A small comparison between MD5 and SHA

Taking into consideration about the security alone which is the prime concern, SHA (Secure Hash Algorithm) is ofcourse highly secured than that of MD5, which is backed up by many facts, for your reference.



Database analysis:

Even though, numerous security websites are recommending and creating awareness to safeguard the passwords of the user’s login, the Taringa users, many of them used, very basic fundamental passwords to protect their more sensitive data.

As can be seen below,

The researchers at LeakBase identified the MD5 hashed and cracked nearly 26939351 passwords out of 28722877. The archive contains about 15 million+ passwords.



The shocking aspect is that most of the cracked passwords did not even contain any special characters or symbols.

The most used email services were Gmail and Hotmail.

To know what really the users of Taringa were using as passwords for logging in, please see the below:



The worst scenario is that the most used passwords were 123456789, 123456, 1234567890, 000000, 12345 and 12345678. The users of Taringa were using such a poor passwords to login.


Choice of Passwords – Whom to Blame?

Yes. It is the company’s fault alone which failed to recommend and implement a strong password policy for its users.

Soon after violations of data, the organizations usually tend to blame their users for poor password security usage, but instead they neglect to provide one.

Taringa, instantly realized its faults and forced a global reset on users. It has also updated to the secure SHA (256-bit) and points out that the end users need to take preventive security measures to protect themselves.

The Taringa admin said the following statement which is Google translated as:

“From the moment our team detected the incident was working to secure the accounts and personal information of our users. At the moment there is no concrete evidence that the attackers continue to have access to the Taringa code! and our team continues to monitor unusual movements in our infrastructure.”

In addition to that, as a measure to protect the users, Taringa is presently sending a reset password link via email to all its users, the moment they access their account with the old password.



Later, a Taringa spokesperson said:

“We’ve made a massive password reset strategy and also increased the encryption of the passwords from MD5 to SHA256. We’ve also been in contact with our community via our customer support team,”

The users must follow the tips and watch out for any suspicious communications that requests for their account details or any other personal information.

NOW WATCH: Latin American Social Media Giant Taringa Hacked


Shield yourself from any Data Breach:

It is highly recommended to change your passwords, if you are one of those potentially affected users.

Change all the passwords of all the other online accounts if you are currently using the same password, used already for the Taringa account.

Even if a website, allows you to create an account with a normal and simple password (which will be hacked easily), you are highly recommended to use strong passwords or follow the tips given in our blogs on how to create strong passwords or even visit Password Generator for creating unique long passwords which takes nearly years by the hackers to crack it.

Avoid clicking any attachment or suspicious link, you received through an email and provide your personal credentials or your financial information without proper verification of the source.


Leave a Reply

Your email address will not be published. Required fields are marked *