DailyMotion discloses credential stuffing attack

DailyMotion falls to credential stuffing attack two weeks after Reddit had the same fate.
Written by Catalin Cimpanu, Contributor
Image: DailyMotion

Video sharing platform DailyMotion announced on Friday that it was the victim of a credential stuffing attack, ZDNet has learned.

Also: Credential stuffing attacks cause heartache

Credentials stuffing is a security term that describes a type of cyber-attack where hackers take combinations of usernames and passwords leaked from other sites and use them to gain illegal access on accounts on another site.

According to an email sent out to impacted customers, and seen by ZDNet, the credential stuffing started last weekend, on January 19, and appears to have been successful in some cases, with hackers gaining access to a limited number of accounts.

The company said its security team discovered the attack and it took "all necessary steps" to block it. Since last Saturday, the company has been logging off users who it believes were impacted and resetting their passwords.

The email sent to all affected customers contains a link for users to reset their password and regain control of their account.

DailyMotion email

The French company has also notified CNIL (Commission nationale de l'informatique et des libertés), France's data privacy watchdog, as demanded by Europe's new GDPR legislation.

A DailyMotion spokesperson did not reply to a request for comment ZDNet sent on Saturday, January 26, seeking additional details.

DailyMotion isn't the only company that has suffered a credential stuffing attack in the past few months. Ad blocker company AdGuard suffered one in September, and so did banking giant HSBC and restaurant chain Dunkin' Donuts in November.

The latest victim was Reddit, who only two weeks ago announced that hackers had gained illegal access to some accounts following a credential stuffing attack.

Must read

In December 2016, DailyMotion also disclosed a major security breach after a hacker stole 85.2 million unique email addresses and usernames from the company's systems, along with the passwords for 18.3 million accounts.

The video-sharing site remains one of the most visited websites on the internet, currently ranked #134 on the Alexa traffic ranking.

These are the worst hacks, cyberattacks, and data breaches of 2018

Related stories:

More data breach coverage:

Editorial standards