85 million accounts exposed in Dailymotion hack

While a breach is never fun, the website used bcrypt hashing on passwords

85 million accounts exposed in Dailymotion hack

Breach notification service LeakedSource, announced on Monday that they have obtained 85.2 million records from Dailymotion, one of the largest video platforms on the Web. The compromised data consists of email addresses, usernames, and some passwords.

ZDNet confirmed that the data did come from the entertainment website, but representatives for Vivendi, the Paris-based majority owner of Dailymotion didn’t respond to comments.

LeakedSource says that the data was possibly compromised on October 20, meaning it is possible criminals have been circulating the data for some time. It wasn’t clear when LeakedSource obtained the records.

While the email addresses and usernames are clearly visible in sample records seen by Salted Hash, only some of them have visible passwords (just over 18 million). Because Dailymotion used bcrypt to hash the passwords, cracking them will be more difficult than passwords that are hashed with SHA1 or MD5.

Such protection measures are a good thing, and help lower the impact of a data breach, but cracking bcrypt hashes isn’t impossible depending on the circumstances, as proven during the Ashley Madison incident. What bcrypt does is make the cracking process extremely slow, while requiring serious CPU power.

None of the email addresses in the sample list provided to Salted Hash responded to questions about the Dailymotion hack.

Last month, Salted Hash broke the story that 412 million FriendFinder Networks accounts were compromised, after LeakedSource provided additional details from the October incident. The compromised records were in six databases used on AdultFriendFinder.com, Cams.com, iCams.com, Penthouse.com, and Penthouse.com.

Since opening, LeakedSource has added nearly 3 billion records to its database.

Copyright © 2016 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)