IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Dailymotion hack exposes '85 million' user accounts

Re-used passwords suspected to be used in attack against the French video service

binary on a screen with words 'hacking attack'

A hack on French video-sharing site Dailymotion has exposed millions of user account details, with email addresses and usernames reportedly leaked online.

More than 85 million accounts were compromised in the attack, 18.3 million of which had associated passwords, according to LeakedSource, a security breach notification website that revealed the attack took place on 20 October.

Although the passwords were 'hashed', or jumbled to prevent attackers reading them easily, users are likely vulnerable to targeted phishing scams.

LeakedSource, which also discovered a recent hack on AdultFriendFinder, said the identity of the person behind the latest attack is unknown.

Dailymotion denied that any personal data had been compromised, and said the security threat came "from outside Dailymotion", possibly a reference to re-used passwords from cyber attacks on the likes of LinkedIn.

It said in a blog post today: "The hack appears to be limited, and no personal data has been compr[om]ised. Your account security is extremely important to us, and to be on the safe side, we are strongly advising all of our partners and users to reset their passwords. When defining a new password we recommend that your new password contains eight or more characters, is not obvious (EG: password1234), and not to use the same password on multiple sites."

Experts, however, have warned that the hack demonstrates that just because a company does not hold financial data, it could still be targeted for re-used passwords. Given the large volume of data reportedly stolen, attackers will be hoping to find some passwords that have been used elsewhere on other services.

This tactic was used most recently in the attack against the National Lottery group Camelot, which was forced to suspend almost 27,000 user accounts that were accessed through re-used passwords.

Dailymotion, a Paris-based video service similar to Youtube, is the 113th most popular website in the world, according to Alexa rankings.

As with any other data breach, users are encouraged to be on the look out for suspicious emails that may be phishing scams hiding malicious links. This also includes 'spear phishing' attacks, which exploit known personal information, such as bank suppliers or links to regularly visited websites.

If you believe your details could have been stolen in this, or any other attack, LeakedSource has a handy tool for tracing if your email address is included in leaked datasets.

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Most Popular

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks
Security

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks

27 Jun 2022
The UK's best cities for tech workers in 2022
Business strategy

The UK's best cities for tech workers in 2022

24 Jun 2022
Carnival hit with $5 million fine over cyber security violations
cyber security

Carnival hit with $5 million fine over cyber security violations

27 Jun 2022