Hackeo a taringa leak de 28 millones de passwords

The Hacker News has been informed by LeakBase, a breach notification service, who has obtained a copy of the hacked database containing details on 28,722,877 accounts, which includes usernames, email addresses and hashed passwords for Taringa users.

The hashed passwords use an ageing algorithm called MD5 – which has been considered outdated even before 2012 – that can easily be cracked, making Taringa users open to hackers.

LeakBase has shared a dump of 4.5 million Taringa users with The Hacker News to help us verify the authenticity of the leaked database.

Using email addresses in the dump, we contacted a few random Taringa users with their plain text passwords, who acknowledged the authenticity of their credentials.

The data breach reportedly occurred last month, and the company then alerted its users via a blog post, sharing more information about the incident.

“It is likely that the attackers have made the database containing nicks, email addresses and encrypted passwords. No phone numbers and access credentials from other social networks have been compromised as well as addresses of bitcoin wallets from the Taringa program! Creators.” the post (translated) says.

“At the moment there is no concrete evidence that the attackers continue to have access to the Taringa code! and our team continues to monitor unusual movements in our infrastructure.”

Taringa-Data-Breach-hacking

“We’ve made a massive password reset strategy and also increased the encryption of the passwords from MD5 to SHA256. We’ve also been in contact with our community via our customer support team,” a Taringa spokesperson told The Hacker News.

Leaked Database Analysis

As you can see in the image given below, LeakBase team managed to crack 26,939,351 out of 28,722,877 passwords hashed using the MD5 algorithm, out of which over 15 Million were unique passwords.

The vast majority of the cracked passwords were alpha and lower case alpha and did not contain any special characters or symbols.

cracked-password

Taringa-Data-Breach-passwords

Taringa-Data-Breach-Password-length

email-services

Not completely. It’s also the fault of the company, who failed to enforce a strong password policy on their users, eventually allowing them to sign up with weak passwords.

After data breaches, the organisations tend to blame the end users for poor password security, but they forget to provide them one.

So far, it has not been clear who is behind the attack on Taringa, neither how the attackers managed to breach into its servers.

Meanwhile, in a separate news,we reported about an unknown hacker selling personal details on more than 6 million high-profile Instagram accounts on an online website, Doxagram, after the hacker breached the Facebook-owned photo sharing service using a flaw in its API.

How to Help Protect Yourself from Data Breaches

Also, change passwords for other online accounts for which you are using the same password as for Taringa account.

Even if any website allows you to create an account with a weak password, you should always choose a complex password. Use a good password manager, if you find following best practices difficult.

Moreover, avoid clicking on any suspicious link or attachment you received via an email and providing your personal or financial information without verifying the source correctly.

Fuente: https://thehackernews.com