The video sharing portal was attacked in mid-October. Here’s how to find out if you’ve been hacked and what to do if your password is stolen
Another day, another data breach. This time it was DailyMotion – famous video-sharing platform – robbed of millions of data of its users. The notification of the breach came from LeakedSource after the service had received 85.2 million data from DailyMotion last Monday.
The DailyMotion data breach seems to have occurred last October 20, 2016, which means that the data has been circulating in hacker circles for over a month. The haul, as mentioned, amounts to 85.2 million unique email addresses and usernames, and about 20 percent of the accounts – more than 18 million users – were also stolen hashes linked to the password, which is that random string of text that replaces the actual keyword to protect it. The good news is that the passwords are protected by the Bcrypt hashing algorithm, so, it is very difficult for cyber criminals to get hold of the users’ passwords as well.
The encryption held up
Bcrypt is an encryption algorithm that makes the hashing process so slow – because it reassigns ten keys each time – that it would take centuries for an attacker to decrypt the passwords using the technique known in jargon as “brute force.” ZDNet received a sample of the stolen data and confirmed that it did indeed come from the Dailymotion site. Vivendi, Dailymotion’s majority shareholder, has yet to issue a statement.
How to find out if you’ve been hacked
Those who think they’re among those 18 million DailyMotion users whose password hash has also been hacked have no choice but to change the password on the site in question, and on other sites where the same password has been used. LeakedSource, by the way, reports that it has added stolen data to its database, so all you have to do is log on to the site and do a quick check.