Cyber Incident Victim: Taringa
Date:
Aug 2017
Location:
Argentina
Summary
A social network platform suffered a data breach exposing login credentials of approximately 28 million users, including usernames, email addresses, and passwords hashed with the outdated MD5 algorithm, which allowed attackers to decrypt 93% of the credentials. The compromised passwords predominantly consisted of weak, easily guessable combinations without special characters, exacerbated by the platform's failure to enforce robust password policies. Following the incident, the company initiated a mass password reset, upgraded its encryption to SHA-256, and notified users while continuing to monitor for suspicious activity, though the attackers' identity and intrusion method remained unidentified.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In September 2017, Taringa, a Latin American social network often compared to Reddit, confirmed a data breach compromising the accounts of 28,722,877 users. The incident involved unauthorized access to a database containing usernames, email addresses, and passwords hashed with the MD5 algorithm, which security researchers widely regarded as obsolete and cryptographically weak. LeakBase, a breach notification service, obtained and analyzed the full database, determining that 93.79% of the hashed passwords (26,939,351 accounts) could be cracked within days due to MD5's vulnerabilities. Analysis revealed that most passwords consisted of lowercase alphabetic characters without special symbols, with common choices including "123456789," "123456," and "000000." The majority of passwords were six characters long, followed by eight, nine, and ten characters. Taringa acknowledged the breach in a blog post, stating it likely occurred the previous month, though the attackers' identity and intrusion methods remained unidentified. The company confirmed that phone numbers, social media credentials, and Bitcoin wallet addresses from its Creators program were not compromised.
Taringa initiated a mandatory password reset strategy, requiring users to change credentials upon login and upgrading its password encryption from MD5 to SHA-256. The company emailed reset links to users and increased infrastructure monitoring for unusual activity. LeakBase provided The Hacker News with a sample of 4.5 million records for verification; contacted users confirmed their plaintext passwords matched the breached data. Taringa's customer support team engaged directly with the community to address concerns. Security analysts noted the breach highlighted systemic issues, as the platform had not enforced strong password policies, allowing users to register with easily guessable credentials. The incident exposed 15 million unique passwords, many reused across other services, amplifying risks beyond Taringa. No financial fraud or secondary attacks were directly linked to the breach in the immediate aftermath, though the cracked credentials remained viable for credential-stuffing attacks. Taringa maintained there was no evidence of ongoing attacker access to its systems following containment efforts.