Updated: 87 Million Records Stolen from Dailymotion

The popular video sharing site Dailymotion was hacked, and a total of 87 million records were leaked by the attackers.

Computer criminals breached Dailymotion and exposed a total of 87 million records containing information related to 85 unique email addresses. The leaked database was acquired by LeakedSource, and according to the initial analysis more than 18 million of these entries also include password hashes. The limited information available about the hack suggests that the attackers breached the popular video sharing site around October 20.

Security analysts have reviewed a limited number of samples and determined that many of the compromised user accounts were not affected by previous breaches. This indicates that the data comes from a new attack, which suggests that the breach is legitimate. Because the incident is new, we have limited information about it. What we know is that the passwords have been hashed using the bcrypt algorithm, which makes brute-force attacks difficult. However, if the attackers pick individual users they can crack the password easily. Dailymotion has not yet responded to queries sent by various media outlets and has not disclosed anything about the breach.

What Should Follow After the Dailymotion Breach

We have seen many similar incidents before, and usually a plan of action follows. First, the company (in many cases, but not always) acknowledges the breach, hires investigation teams and works with law enforcement agencies to look into the source of the breach.

Once the weak spot is identified it should be fixed, and the customers should be informed in detail about the compromised data. It is very likely that many of the users reuse the same account credentials on other services, which makes delaying such actions very risky. A timely response can help the affected Dailymotion users change their usernames and passwords and avoid any further damage.

According to the LeakedSource site, the total number of accounts is 87,610,750. This indicates that the main database server or an access node to it was compromised by the hackers. As there is no further information available about the incident, we do not know if this was caused by an outside party in a hacker attack or through some other means.

Unfortunately, this year we experienced many major breaches that leaked millions of accounts on the Internet. The Dailymotion incident is just one example, and security experts state that more events like this are likely to happen.

Dailymotion’s Response

Dailymotion has publicly acknowledged the incident by publishing a blog post on its official site. The company has indicated that there is a “potential security risk” which comes “from outside of Dailymotion”, suggesting that the breach was intentional and done by malicious hackers. As such, Dailymotion has enforced a mandatory password reset for all of its customers.

Here is the full post:

It has come to our attention that a potential security risk, coming from outside Dailymotion, may have compromised the passwords for a certain number of accounts. The hack appears to be limited, and no personal data has been compromised. Your account security is extremely important to us, and to be on the safe side, we are strongly advising all of our partners and users to reset their passwords. When defining a new password we recommend that your new password contains eight or more characters, is not obvious (e.g. password1234), and not to use the same password on multiple sites.

To reset your password, please complete the following steps:

- Go to the Dailymotion website
- Log in to your account
- Use the dropdown menu in the top right-hand corner to access your settings
- Select Account Settings
- Enter a new password and save the changes

To Dailymotion Partners:

If you use Dailymotion in your app or services through the OAuth2 grant_type=password (https://developer.dailymotion.com/api#oauth-client-native-application) you should update your app or services with your new password.

We would like to remind you that the best way to authenticate your app or services is to use the refresh-token method (https://developer.dailymotion.com/api#using-refresh-tokens). If you use this authentication method you do not have to update your app or services after the password change.

Author : Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
