Dailymotion hack exposes '85 million' user accounts

binary on a screen with words 'hacking attack'

A hack on French video-sharing site Dailymotion has exposed millions of user account details, with email addresses and usernames reportedly leaked online.

More than 85 million accounts were compromised in the attack, 18.3 million of which had associated passwords, according to LeakedSource, a security breach notification website that revealed the attack took place on 20 October.

Although the passwords were 'hashed', or jumbled to prevent attackers reading them easily, users are likely vulnerable to targeted phishing scams.

LeakedSource, which also discovered a recent hack on AdultFriendFinder, said the identity of the person behind the latest attack is unknown.

Dailymotion denied that any personal data had been compromised, and said the security threat came "from outside Dailymotion", possibly a reference to re-used passwords from cyber attacks on the likes of LinkedIn.

It said in a blog post today: "The hack appears to be limited, and no personal data has been compr[om]ised. Your account security is extremely important to us, and to be on the safe side, we are strongly advising all of our partners and users to reset their passwords. When defining a new password we recommend that your new password contains eight or more characters, is not obvious (EG: password1234), and not to use the same password on multiple sites."

Experts, however, have warned that the hack demonstrates that just because a company does not hold financial data, it could still be targeted for re-used passwords. Given the large volume of data reportedly stolen, attackers will be hoping to find some passwords that have been used elsewhere on other services.

This tactic was used most recently in the attack against the National Lottery group Camelot, which was forced to suspend almost 27,000 user accounts that were accessed through re-used passwords.

Dailymotion, a Paris-based video service similar to Youtube, is the 113th most popular website in the world, according to Alexa rankings.

As with any other data breach, users are encouraged to be on the look out for suspicious emails that may be phishing scams hiding malicious links. This also includes 'spear phishing' attacks, which exploit known personal information, such as bank suppliers or links to regularly visited websites.

If you believe your details could have been stolen in this, or any other attack, LeakedSource has a handy tool for tracing if your email address is included in leaked datasets.

Contributor

Dale Walker is a contributor specializing in cybersecurity, data protection, and IT regulations. He was the former managing editor at ITPro, as well as its sibling sites CloudPro and ChannelPro. He spent a number of years reporting for ITPro from numerous domestic and international events, including IBM, Red Hat, Google, and has been a regular reporter for Microsoft's various yearly showcases, including Ignite.