Daily Motion cyber-attack leaks 80 million user emails
A cyber-attack on the video hosting website Daily Motion has resulted in more than 80 million user details being leaked, according to a breach detection site.
Leakedsource claims that the usernames and email addresses of more than 85 million users of the website, as well as 18 million encrypted passwords, were stolen in a cyber-attack in October.
However, because the passwords have been scrambled by an encryption algorithm, user accounts should not be accessible to hackers.
In response, Dailymotion has advised users to change their passwords, but has not confirmed the number of accounts affected.
“It has come to our attention that a potential security risk, coming from outside Dailymotion, may have compromised the passwords for a certain number of accounts,” the site said in a blog post.
“The hack appears to be limited and no personal data has been compromised. Your account security is extremely important to us and to be on the safe side we are strongly advising all of our partners and users to reset their passwords. When defining a new password we recommend that your new password contains eight or more characters, is not obvious (eg, password1234) and not to use the same password on multiple sites.”
The attack is the latest in an extensive list of websites and services to be breached this year and comes just one day after WiFi passwords from TalkTalk and Post Office users hit by a cyber-bug aimed at disrupting broadband routers were claimed to be at risk.
Security experts supported Dailymotion's message encouraging users to strengthen the passwords they are currently using.
David Gibson, from cyber software firm Varonis, said: “If you’re not using strong passwords, enabling two-factor authentication where available, (if you are) entering the same password on multiple sites, or relying strictly on a password manager, then this breach should re-motivate you.”
He also called on more companies to improve their response to such attacks.
“Burying your head in the sand and hoping nothing bad will ever happen isn’t an option these days, so companies should absolutely have a plan for what happens after they discover a breach.
“Just like it would be silly to choose not to have a plan for a fire in the building, it doesn't make sense not to have a response plan for a data breach.”
Tesco Bank had to pay £2.5m to 9,000 customers following a cyber-attack last month that affected 20,000 current accounts.