The information includes 87+ million email addresses, user IDs, and over 18 million associated passwords. It was apparently stolen in a breach that happened around October 20, 2016.
The passwords have been put through the bcrypt hashing algorithm, so they can’t be easily cracked. LeakedSource said they won’t attempt to crack them, but told Bleeping Computer that “a determined hacker who wants to crack one person’s hash may still be able to.”
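The reason bcrypt matters here is that it is salted and deliberately slow with a tunable cost, so each guess an attacker makes against a stolen hash costs real CPU time. The following added example (not from the article, Dailymotion or LeakedSource) shows those same properties with PBKDF2-HMAC-SHA256 from Python's standard library, since bcrypt is not in the standard library; the `iterations` work factor plays the role of bcrypt's cost parameter, and the sample password is constructed for illustration.

```python
import hashlib
import hmac
import os
import time
from typing import Optional, Tuple

# Work factor: each unit makes every hash (and every attacker guess) slower.
# Illustrative value only; production deployments should benchmark and tune it.
DEFAULT_ITERATIONS = 100_000


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS,
                  salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt per password means two users
    with the same password get different hashes and precomputed tables are useless."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes,
                    iterations: int = DEFAULT_ITERATIONS) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, digest)


def seconds_per_guess(iterations: int, samples: int = 3) -> float:
    """Measure how long one hash computation takes at a given work factor.
    This is the cost an attacker pays for each candidate password tried offline."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for _ in range(samples):
        hashlib.pbkdf2_hmac("sha256", b"benchmark-only", salt, iterations)
    return (time.perf_counter() - start) / samples


def expected_crack_seconds(iterations: int, guesses: int) -> float:
    """Rough defender-side estimate: time to exhaust `guesses` candidates
    on this machine, single-threaded, at the given work factor."""
    return seconds_per_guess(iterations) * guesses


if __name__ == "__main__":
    # Constructed sample credential for the demo.
    salt, digest = hash_password("correct horse battery staple")
    print("verify correct :", verify_password("correct horse battery staple", salt, digest))
    print("verify wrong   :", verify_password("password1234", salt, digest))

    # Raising the work factor raises the per-guess cost roughly linearly,
    # which is what makes a leaked slow-hash dump far less useful than a fast one.
    for iters in (1_000, 10_000, 100_000):
        est = expected_crack_seconds(iters, guesses=10_000_000)
        print(f"iterations={iters:>7}: ~{est/3600:.1f} h to try 10M guesses on one core")
```

Note that `hmac.compare_digest` is used instead of `==` so the comparison time does not leak how many leading bytes of the digest matched, and that the salt must be stored alongside the digest since verification needs it.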
Dailymotion has advised users to reset their passwords, just to be on the safe side.
“When defining a new password we recommend that your new password contains eight or more characters, is not obvious (e.g. password1234), and not to use the same password on multiple sites,” the company said. “If you use Dailymotion in your app or services through the OAuth2 grant_type=password you should update your app or services with your new password.”
The company has not confirmed that they have been breached, but simply said that it has come to their attention that passwords for a certain number of accounts might have been compromised.
“The hack appears to be limited, and no personal data has been compromised,” they added.
Hats off to Dailymotion for keeping the passwords well secured, and for promptly acknowledging the possibility of risk for some account holders.
“The breach at Dailymotion may not be catastrophic (since the passwords retrieved were protected with bcrypt), but users who had their details compromised should be on the lookout for subsequent attacks,” warns Vishal Gupta, CEO of Seclore.
“The algorithm protecting the passwords could theoretically be cracked, however, the greater risk lies in targeted phishing campaigns. Oftentimes following a breach, cybercriminals will send out fraudulent messages purporting to come from the affected organization, in a last-ditch attempt to retrieve valuable data from users. This data is then used to carry out additional attacks, often targeted at bank accounts, healthcare portals, and other sources of sensitive information.”
Ilia Kolochenko, CEO of web security firm High-Tech Bridge, says that by examining currently available information about the incident, they can suggest that an insecure web application was probably at the origins of the breach.