Millions of accounts on the French video-sharing site Dailymotion have been hacked, with details including email addresses and usernames reportedly stolen.
An unknown hacker extracted 85.2 million unique email addresses and usernames from Dailymotion, according to LeakedSource. Around one-in-five accounts, about 18.3 million, had associated passwords. The passwords were hashed, meaning they were scrambled and so not easy to read, Dailymotion users are still at risk of phishing attacks.
Javvad Malik, security advocate at AlienVault told WIRED: “While it is too early to establish the why or how, of what happened, the attack against Dailymotion serves as a reminder that a company doesn’t need to hold financial information or any other form of overtly valuable data to be a target. Attackers will go after a company, particularly ones with large user bases for a variety of reasons.”
Due to the amount of passwords taken in the hack, Malik warned that these passwords could be used as re-use attacks against other services, similar to the attacks against Camelot perpetrated by reused passwords.
Last week, Camelot was forced to suspend certain accounts after suspicious activity was spotted. It stressed that there had been “no unauthorised access to core National Lottery systems or any of our databases, which would affect National Lottery draws or payment of prizes".
If you’re concerned that your data has been accessed in the hack, you can check LeakedSource’s database to see if your details are included in those that had been taken.
Mark James, IT security specialist at ESET told WIRED that until it is made public what has been stolen, there is still a need to take action to protect your own data.
“Without further information about what was or was not stolen we won’t know the extent of the damage but needless to say more data being added to your already overflowing online profile floating around the web is not good for any of us.”
- Check and change your passwords on DailyMotion
- If you have used that same password for other accounts then change those immediately
- Consider using a password manager for extra security if you’re not already using one
- Be extra-alert to suspicious emails that could be spam or phishing attacks
This article was originally published by WIRED UK
