Dailymotion admits hack exposed millions of accounts

The video-sharing site remains one of the most visited websites on the internet.

(Image: file photo)

Millions of accounts associated with video-sharing site Dailymotion, one of the biggest video platforms in the world, have been stolen.

A hacker extracted 85.2 million unique email addresses and usernames from the company's systems, but about one-in-five accounts -- roughly 18.3 million-- had associated passwords, which were scrambled with the bcrypt hashing function, making the passwords difficult to crack.

The hack is believed to have been carried out on Oct. 20 by a hacker, whose identity isn't known, according to LeakedSource, a breach notification service, which obtained the data.

Dailymotion launched in 2005 and is currently the 113rd most-visited website in the world, according to Alexa rankings.

When reached on Monday, a Dailymotion executive would not provide comment. But on Tuesday, the company admitted the breach in a blog post.

"The security of your account is very important to us and we take all necessary steps to identify any shortcomings and addressed. Therefore, as a precaution, we urge all our partners and users to now reset their passwords."

A sample of the data was provided to ZDNet.

We verified the data by matching up plaintext passwords with the hashed password found against the email address using a readily available online tool. In one case, the email address and password combination were unique to Dailymotion, suggesting that the data could only have come from the video-sharing site.

We also reached out to a number of people whose email addresses were found in the data, but nobody responded by the time of publication.

But because of the password security and that only a portion of the accounts had associated passwords, the damage is somewhat limited for Dailymotion customers.

In any case, it can't hurt to change your password to be safe.