Taringa, also known as “The Latin American Reddit,” has been compromised in a massive data breach that has resulted in the leaked login credentials of almost all of its over 28 million users. The Hacker News reports: The Hacker News has been informed by LeakBase, a breach notification service, who has obtained a copy of the hacked database containing details on 28,722,877 accounts, which includes usernames, email addresses and hashed passwords for Taringa users. The hashed passwords use an ageing algorithm called MD5 — which has been considered outdated even before 2012 — that can easily be cracked, making Taringa users open to hackers. Wanna know how weak is MD5? LeakBase team has already cracked 93.79 percent (nearly 27 Million) of hashed passwords successfully within just a few days. The data breach reportedly occurred last month, and the company then alerted its users via a blog post: “It is likely that the attackers have made the database containing nicks, email addresses and encrypted passwords. No phone numbers and access credentials from other social networks have been compromised as well as addresses of bitcoin wallets from the Taringa program! Creators.” the post (translated) says. “At the moment there is no concrete evidence that the attackers continue to have access to the Taringa code! and our team continues to monitor unusual movements in our infrastructure.” Read more of this story at Slashdot.
Excerpt from:
Over 28 Million Records Stolen In Breach of Latin American Social Network Taringa
An anonymous reader quotes ZDNet: A huge spambot ensnaring 711 million email accounts has been uncovered. A Paris-based security researcher, who goes by the pseudonymous handle Benkow, discovered an open and accessible web server hosted in the Netherlands, which stores dozens of text files containing a huge batch of email addresses, passwords, and email servers used to send spam. Those credentials are crucial for the spammer’s large-scale malware operation to bypass spam filters by sending email through legitimate email servers. The spambot, dubbed “Onliner,” is used to deliver the Ursnif banking malware into inboxes all over the world. To date, it’s resulted in more than 100,000 unique infections across the world, Benkow told ZDNet. Troy Hunt, who runs breach notification site Have I Been Pwned, said it was a “mind-boggling amount of data.” Hunt, who analyzed the data and details his findings in a blog post, called it the “largest” batch of data to enter the breach notification site in its history… Those credentials, he explained, have been scraped and collated from other data breaches, such as the LinkedIn hack and the Badoo hack, as well as other unknown sources. The data includes information on 80 million email servers, and it’s all used to identify which recipients have Windows computers, so they can be targeted in follow-up emails delivering Windows-specific malware.
In a piece describing the paranoid vibe in Las Vegas during the DEFCON convention, CNET reported Friday that the Wet Republic web site “had two images vandalized” with digital graffiti. But their reporter now writes that “my paranoia finally got the best of me, and it turned out to be an ad campaign.” The images included a scribbled beard and eye patch on a photo of a bikini model, along with the handwritten message “It’s all out war.” CNET’s updated story now reports that “It looked like a prank you’d see from a mischievous hacker…” When I spotted the vandalism on the Wet Republic site Friday morning, it looked like other attacks I’d seen throughout the week, such as a Blue Screen of Death on a bus ticket machine… Hakkasan, which hosts the event at MGM Grand, said the “vandalism” was part of the cheeky advertisements for a seasonal bikini contest it’s been running since 2015. The “all-out war” is between the models in the competition, not between hackers and clubs. Hakkasan’s spokeswoman said nothing on its network has been compromised. So maybe not everything online in Las Vegas is getting hacked this week, and this n00b learned to calm down the hard way. For that matter, maybe that blue screen of death was also just another random Windows machine crashing. CNET’s reporter made one other change to his article. He removed the phrase “when hackers are in town for Defcon, everything seems to be fair game.”