Dailymotion admits hack exposed millions of accounts

The video-sharing site remains one of the most visited websites on the internet.

(Image: file photo)

Millions of accounts associated with video-sharing site Dailymotion, one of the biggest video platforms in the world, have been stolen.

A hacker extracted 85.2 million unique email addresses and usernames from the company's systems, but about one-in-five accounts -- roughly 18.3 million-- had associated passwords, which were scrambled with the bcrypt hashing function, making the passwords difficult to crack.

The hack is believed to have been carried out on Oct. 20 by a hacker, whose identity isn't known, according to LeakedSource, a breach notification service, which obtained the data.

Dailymotion launched in 2005 and is currently the 113rd most-visited website in the world, according to Alexa rankings.

When reached on Monday, a Dailymotion executive would not provide comment. But on Tuesday, the company admitted the breach in a blog post.

"The security of your account is very important to us and we take all necessary steps to identify any shortcomings and addressed. Therefore, as a precaution, we urge all our partners and users to now reset their passwords."

A sample of the data was provided to ZDNet.

We verified the data by matching up plaintext passwords with the hashed password found against the email address using a readily available online tool. In one case, the email address and password combination were unique to Dailymotion, suggesting that the data could only have come from the video-sharing site.

We also reached out to a number of people whose email addresses were found in the data, but nobody responded by the time of publication.

But because of the password security and that only a portion of the accounts had associated passwords, the damage is somewhat limited for Dailymotion customers.

In any case, it can't hurt to change your password to be safe.

Here's why Facebook is buying passwords from the dark web
Show Comments