Daily Motion Breach: 86 Million Accounts Compromised

Daily Motion Breach: 86 Million Accounts Compromised

Video sharing site Daily Motion has become the latest internet firm to suffer a major data breach, after details from over 86 million accounts were hacked, according to LeakedSource.

The breach notification site says it now has a database of 87,610,750 account details.

These include user IDs and emails, and for 18 million users, hashed passwords, according to Bleeping Computer.

The passwords are apparently protected with the Bcrypt algorithm, which leaves them exposed to determined attackers.

Those 18m+ users with passwords exposed in the breach would be minded to change them and update credentials on any sites they reuse these log-ins on.

The breach is said to have taken place at the end of October this year.

Ilia Kolochenko, CEO of High-Tech Bridge, argued that an insecure web application is most likely the cause of the breach.

“We should expect and prepare ourselves for mass spear-phishing attacks combined with password re-use, which will allow cyber-criminals to compromise many different accounts belonging to the victims,” he added. “The main wave may come just before or during Christmas shopping – when people are stressed and less attentive, while attackers will have enough time to carefully prepare their campaigns."

Javvad Malik, security advocate at AlienVault, added that the breach proves firms don’t have to hold sensitive financial information to become targets.

“Attackers will go after a company, particularly ones with large user bases for a variety of reasons,” he argued.

“In this case, we may see the stolen passwords used as re-use attacks against other services, in very much the same way we recently saw attacks against Deliveroo and Camelot perpetrated by reused passwords.”

In the case of Camelot, around 26,000 accounts were hacked because of reused credentials, while Deliveroo’s lack of fraud checks meant hackers could take over users’ accounts with compromised credentials and pay for items with their stored credit card details.

Source: Information Security Magazine