What happened
According to public breach records, the Taringa data breach on August 1, 2017 is reported to have exposed the personal information of 27,971,100 accounts.
In September 2017, news broke that Taringa had suffered a data breach exposing 28 million records. Known as "The Latin American Reddit", Taringa's breach disclosure notice indicated the incident dated back to August that year. The exposed data included usernames, email addresses and weak MD5 hashes of passwords.
Passwords in this breach were reportedly stored as MD5 hashes.
In August 2017 the Argentine social network Taringa (often called "the Latin American Reddit") suffered a database breach exposing roughly 28 million user records — usernames, email addresses, and passwords. The breach surfaced when the breach-notification service LeakBase obtained a copy of the database and reported it; because the passwords were stored using the outdated MD5 algorithm, LeakBase said it cracked about 94% of the hashes within days. Taringa confirmed the incident in a Spanish-language notice, forced a platform-wide password reset, and stated it upgraded password hashing from MD5 to SHA-256.
What data was exposed
The following types of personal data were compromised:
- Email addresses
- Passwords
- Usernames
Breach details
| Detail | Value |
|---|---|
| Breach name | Taringa |
| Date | August 1, 2017 |
| Accounts affected | 27,971,100 |
| Domain | taringa.net |
This summary is compiled from public breach-notification data and known leak databases. Figures reflect what those sources report and may be revised as more is learned. If something here looks wrong or you think your information is involved, contact our support team.
We report breaches as a factual record to help people check their exposure. Inclusion here is not an allegation of wrongdoing or negligence by Taringa; it reflects a publicly reported security incident.
What to do now
Based on the data exposed in this breach, here are the steps you should take:
- Change your Taringa password immediately, and change it anywhere else you reused the same password — the MD5 hashes were largely cracked, so the original passwords should be treated as known.
- Enable two-factor authentication on any account that shared this email/password combination to blunt credential-stuffing attempts.
- Use a unique, strong password per site (a password manager helps) so a single cracked credential can't unlock other accounts.
- Stay alert for targeted phishing emails sent to the exposed address, and avoid clicking unexpected password-reset or login links.
Check your exposure
Data breaches are one of the ways your personal information ends up on data broker sites. Run a free scan to see which sites are exposing your personal data — and take action to remove it.
Sources
- Taringa: Over 28 Million Users' Data Exposed in Massive Data Breach — The Hacker News
- Bazinga! Social network Taringa 'fesses up to data breach — The Register
Find out what data brokers know about you
Run a free scan to see which sites are exposing your personal information — name, phone, address, email, and more.
Start your free scan →