LeakedSource has claimed that email addresses, usernames, and passwords have been accessed by the hackers responsible for a recent Dailymotion cyberattack. Dailymotion is one of the biggest internet video sharing platforms and, according to Alexa, is the world wide web’s 113th most popular site. Dailymotion recorded 148 million hits in April 2015.
The cyberattack is believed to have happened on the 20th of October 2016. Therefore, it may be the case that account details might already have been used for phishing attacks or could have sold on to different groups or individuals.
Around 85.2 million Dailymotion users are thought to have been affected by the cyberattack. Those users impacted by the breach have had their unique username and email address jeopardised, however it is suspected that the individual responsible for the attack failed to obtain more than 18.3 million passwords. Thankfully for Dailymotion account holders, their passwords were encrypted with bcrypt, which is known to provide better protection than other hashing algorithms such as MD5 or SHA1.
Although it is possible to break passwords which have been hashed using bcrypt, the procedure is slow. This affords users some time to modify their passwords and protect their accounts. Nevertheless, even with the exclusion of passwords, users of the site remain at risk. Cybercriminals might try to send phishing emails in order to trick the recipients into revealing their passwords. The fraudulently obtained email addresses could be used in spamming campaigns which are responsible for the spread of malware and ransomware.
Victims of the Dailymotion cyberattack should be ultra-vigilant for both phishing emails and malicious messages. Particular care should be taken when replying to any email message, notably those which contain hyperlinks and / or attachments.
If victims have used the same password on numerous web platforms, they should change passwords on every online account on which identical passwords were employed.
LeakedSource holds a database of the email addresses which have been jeopardised in data breaches. Presently, over 2.9 billion records are included in the organization’s database. Additionally, 30 data breaches from 2016 alone are still to be added to LeakedSource’s database, which will bring the total figure to more than 3 billion.
Users who are worried that their account details may have been breached in this or previous data breaches, may verifying their email address against the LeakedSource database by clicking on this link .