An unknown hacker has supposedly breached video sharing platform DailyMotion and stolen details for 87.6 million accounts, belonging to approximately 85 million users, according to data breach index website LeakedSource.
LeakedSource, who provides a searchable database of user details leaked in various hacks, has added the DailyMotion stolen data to its search index.
Security breach took place in October 2016
According to the service, the DailyMotion breach appears to have taken place around October 20, 2016, which is 47 days ago.
Based on samples received and analyzed by your reporter, the stolen information includes user IDs, emails, and for some users, hashed passwords.
The passwords were protected with the Bcrypt hashing algorithm, with 10 rounds of rekeying. Over 18 million records have a password listed.
LeakedSource, who often cracks the passwords from leaked data dumps, doesn’t plan on doing so, due to the algorithm’s strenght.
“It would be a waste of resources for us to crack them, so we typically don’t bother,” a LeakedSource spokesperson told Bleeping Computer via email. “A determined hacker who wants to crack one person’s hash may still be able to.”
18 million users need to change their passwords
For the 18 million users who had their hashed password leaked, it may be a good idea to change their password on DailyMotion and on other services where they have reused the password. Users can check if their account information was included in the DailyMotion leak via the LeakedSource website.
Because not all accounts included an associated password, most users are currently in danger of having their email address added to various mass-mailing lists and might see an uptick in spam messages.
Bleeping Computer has reached out to a DailyMotion representative via email. We’ll update the article with any information the company provides.