Latin American social site Taringa, often called ‘Latin America’s Reddit’, has suffered a massive breach of user data. Login details for nearly all of the site’s users were compromised.
The social site had instituted a system in 2015 to pay users for content production using Bitcoin. The site partnered with Xapo to create digital wallets for content producers, and then began funding them with Bitcoin for participation.
Wallet balances of the individual users will likely be low, but the massive hack of data may well allow access to those wallets. With prices having increased dramatically since 2015, the original payments that remained intact are likely of some substantial value.
Under-encrypted
Taringa was using an aging encryption system for passwords called MD5. The hackers were able to crack 95% of the 27 mln passwords within just a few days. Taringa has assured customers that wallet addresses were not compromised, though the surety of the promise remains in question. The information post says:
"It is likely that the attackers have made the database containing nicks, email addresses and encrypted passwords. No phone numbers and access credentials from other social networks have been compromised as well as addresses of bitcoin wallets from the Taringa program!"
Users should move Bitcoin balances into other wallets for protection, especially if they had used the same password for their wallet as for their Taringa account, a common practice.