Millions of accounts associated with video-sharing site Dailymotion, one of the biggest video platforms in the world, have been stolen.
A hacker extracted 85.2 million unique email addresses and usernames from the company's systems, but about one-in-five accounts -- roughly 18.3 million-- had associated passwords, which were scrambled with the bcrypt hashing function, making the passwords difficult to crack.
The hack is believed to have been carried out on Oct. 20 by a hacker, whose identity isn't known, according to LeakedSource, a breach notification service, which obtained the data.
Dailymotion launched in 2005 and is currently the 113rd most-visited website in the world, according to Alexa rankings.
When reached on Monday, a Dailymotion executive would not provide comment. But on Tuesday, the company admitted the breach in a blog post.
"The security of your account is very important to us and we take all necessary steps to identify any shortcomings and addressed. Therefore, as a precaution, we urge all our partners and users to now reset their passwords."
A sample of the data was provided to ZDNet.
We verified the data by matching up plaintext passwords with the hashed password found against the email address using a readily available online tool. In one case, the email address and password combination were unique to Dailymotion, suggesting that the data could only have come from the video-sharing site.
We also reached out to a number of people whose email addresses were found in the data, but nobody responded by the time of publication.
But because of the password security and that only a portion of the accounts had associated passwords, the damage is somewhat limited for Dailymotion customers.
In any case, it can't hurt to change your password to be safe.