According to LeakedSource, a recent Dailymotion cyberattack has resulted in email addresses, usernames, and passwords being obtained by hackers. Dailymotion is one of the leading web video platforms and is rated by Alexa as the 113th most popular website. In April 2015, the site attracted 148 million visitors.
The Dailymotion cyberattack is understood to have occurred on or around October 20, 2016, which means account credentials may have already been used for phishing attacks or sold on to multiple individuals.
The Dailymotion cyberattack is believed to have impacted approximately 85.2 million of the site’s users. Individuals affected by the breach have had their unique username and email address compromised, although the individual behind the attack is only believed to have obtained 18.3 million passwords. Fortunately for account holders, passwords were encrypted using bcrypt, which offers more protection than other commonly used hashing algorithms such as MD5 or SHA1.
While it is not impossible to crack passwords that have been hashed using bcrypt, the process is slow. This gives the site’s users some time to change their passwords and secure their accounts. However, even without passwords, users of the site are at risk. Cybercriminals may attempt to send phishing emails that attempt to get the recipients to reveal their passwords. The stolen email addresses could be used for spam campaigns that spread malware and ransomware.
It is important for victims of the Dailymotion cyberattack to be on high alert for phishing emails and malicious messages. Extra care should be taken responding to any email message, especially those containing hyperlinks or attachments.
Breach victims that have engaged in password recycling across multiple web platforms should change their passwords on all of their online accounts for which the same password was used.
LeakedSource maintains a database of email addresses that have been compromised in data breaches. To date, more than 2.9 billion records have been added to the organization’s database. A further 30 data breaches from this year have yet to be added to the LeakedSource database, which are likely to bring the total to over 3 billion.
Individuals concerned that their account details have been breached in this or other data breaches, can check their email address against the database on this link.