AR Taringa Aug 2017 Hacking (Q10380)
From Open Risk Manual
A data breach risk event
Language | Label | Description | Also known as |
---|---|---|---|
English | AR Taringa Aug 2017 Hacking | A data breach risk event | |
Statements
54224f30-9379-11e7-a11c-5542f7e3819f
August 2017
Taringa, a Reddit-like social network website for Latin American users, has suffered a massive data breach in which 28 million accounts of registered users have been stolen. The details of the case indicate an astonishing lapse in best practices. The reported breach at Taringa highlights some fundamental issues, said Andrew Clarke, EMEA director at One Identity, via email. The fact that an administrative file holding passwords was accessible demonstrates little or no control over privileged accounts. Then the passwords were easily cracked since the company used a weak MD5 (128-bit) algorithm rather than SHA-256. And the user passwords were not enforced by a strategic password policy since, when revealed, the passwords used by the users were fundamentally weak the most popular password used (English)