Social Media Network Taringa Suffers Data Breach Exposing Tens of Millions of User’s Data

Brian Erickson | September 15, 2017

As we have mentioned in our blog posts before, social media can be a huge target for cyber attackers. Millions of people are putting their data on these types of sites, including their location, phone numbers, names, affiliations, passwords, email addresses, and much more. Of course, all of this can be quite valuable for malicious attackers out there. If compromised, attackers can use it to potentially access user accounts and employ phishing campaigns. This risk has already been demonstrated in previous attacks over the years, including those targeting Myspace and Tumblr. In another attack like this, the Latin American social media network Taringa admitted to a data breach that spilled tens of millions of user records.

What Was Compromised in the Breach

Taringa is a site that is sometimes referred to as the “Latin American Reddit.” Users create and share large numbers of posts daily on the site regarding various topics like recipes and life hacks. The site had been targeted by a hacker, who was able to gain access to the details of 28,722,877 accounts, which is almost the entire user base of the site. The details compromised in the attack included user names, hashed passwords (MD5 algorithm), and email addresses. According to Taringa, no phone numbers or addresses associated with Bitcoin wallets were affected in the attack. One of the most dangerous aspects of the attack is the weak protection that was used on the passwords. MD5 is known to be a pretty weak form of encryption, and it was also considered to be outdated before 2012. In fact, this method is so weak that LeakBase was able to crack nearly 94% of the passwords that were stolen in the breach within a few days. In response to the breach, Taringa had sent emails to users regarding the incident, forced a password reset, bolstered systems and password encryption, and they are also consulting with their legal team for any further necessary steps.

It is unfortunate that this incident has occurred and placed users at risk, but Taringa does appear to be taking full responsibility for the breach. The above mitigative actions display that they understand the repercussions and are working to remediate the incident. Many organizations can be lackadaisical when it comes to addressing a breach, which simply makes the damages worse. This can be easily seen regarding damage to reputation and customer trust, as these damages are often much worse for organizations that neglect comprehensive breach handling.

The Importance of Modernizing Cyber Security Implements

There are numerous factors and implements that are involved within proper cyber security. This includes the basics of antivirus and firewalls, advanced implements like monitoring and intelligence, and also the maintenance of systems and networks. The above incident can be attributed to the latter category. Organizations that continue to employ outdated and proven insecure methods are placing themselves and their customers at risk. No matter what the reasoning may be, employing these insecure methods is simply negligence. Implementing new security or upgrading current systems can be expensive, but the costs of a data breach or cyber attack can be much higher. When it comes to cyber security, proactivity is key. Modern threats are adept at flying under the radar or bypassing any lacking security, which is why organizations must constantly evaluate their systems and networks for any vulnerabilities. And of course, this includes ensuring that everything is up to date and secure methods of encryption are used. Massive Alliance offers many modern cyber security tools and implements that can help organizations to maintain proper defenses.

Operations Manager
Avid documenter of all things risk. Passionate about protecting people, property, and performance (PPPP) against risks. Enjoys advanced technology-led resilience solutions which identify relevant threats, warn those affected, and prescribe what action to take.