Video sharing site DailyMotion, which is one of the largest video sharing and viewing platforms on the Internet, has reportedly been compromised. The DailyMotion hack was announced breach notification service, LeakedSource on Monday which said that details of 85 million users were stolen by unknown hackers. LeakedSource revealed that the unknown hackers stole 85.2 million records consisting of usernames, email addresses, and some hashed passwords from DailyMotion. LeakedSource, who provides a searchable database of user details leaked in various hacks, has added the DailyMotion stolen data to its search index. Since opening, LeakedSource has added nearly 3 billion records to its database. ZDNet confirmed that the data did come from the video sharing website, but representatives for Vivendi, the Paris-based majority owner of DailyMotion didn’t respond to comments. The damage is somewhat restricted for DailyMotion users, as only a portion of the accounts had associated passwords because of the password security. However, it may be a good idea for those 18 million users who had their hashed password leaked to change their password on DailyMotion and on other services where they have reused the password. The users who feel that their account information was included in the DailyMotion leak can check the same via the LeakedSource website. Launched in 2005, DailyMotion is currently the 113rd most popular website in the world. When reached on Monday, a DailyMotion executive would not provide comment. But on Tuesday, the company admitted the breach in a blog post. “The security of your account is very important to us and we take all necessary steps to identify any shortcomings and addressed. Therefore, as a precaution, we urge all our partners and users to now reset their passwords.” A sample of the data was provided to ZDNet.
Image source: https://www.bleepingcomputer.com/news/security/dailymotion-allegedly-hacked-85-million-user-accounts-stolen/
Now, you might not think the password for a video-watching website is that important? And, to be fair, it probably isn’t for most users. But when you consider that so many people make the mistake of reusing passwords on different online services some of which are much more critical than others then you can begin to understand that even a breach at a non-critical site could have dramatic implications for you personally or professionally. Don’t wait until the New Year to make a resolution to improve your password practices. Get yourself a good password manager to securely store your passwords, randomly generate new ones, and consign weak and reused passwords to the dustbin. Where possible, enable multi-factor authentication in order to give hackers an additional hurdle to gain access to your account – in many cases it will be enough to stop them dead in their tracks and find a softer target. Meanwhile, if you are an online business, take a close look at your web applications and consider whether they might contain flaws and vulnerabilities that a malicious attacker could exploit to siphon off private information about your customers. And, of course, ensure that any sensitive information (such as your users’ passwords) are salted and hashed with a strong algorithm, so that even if there is a breach the impact is minimized.