Dailymotion hack exposes millions of accounts
A hacker extracted 85.2 million unique email addresses and usernames from the company’s systems, but about one-in-five accounts — roughly 18.3 million– had associated passwords, which were scrambled with the bcrypt hashing function, making the passwords difficult to crack.
The hack is believed to have been carried out on October 20 by a hacker, whose identity isn’t known, according to LeakedSource, a breach notification service, which obtained the data.
Dailymotion launched in 2005, and is currently the 113rd most visited website in the world, according to Alexa rankings.
A sample of the data was provided to ZDNet.
We verified the data by matching up plaintext passwords with the hashed password found against the email address using a readily available online tool. In one case, the email address and password combination were unique to Dailymotion, suggesting that the data could only have come from the video sharing site.
We also reached out to a number of people whose email addresses were found in the data but nobody responded by the time of publication.
But because of the password security and that only a portion of the accounts had associated passwords, the damage is somewhat limited for Dailymotion customers.
In any case, it can’t hurt to change your password to be safe.
When reached on Monday, a Dailymotion executive would not provide comment. If that changes, we will update here.