Placeholder image

Dailymotion hacked – 87 million records stolen

29 December 2018

According to the breach notification service LeakedSource, the popular video sharing platform DailyMotion has been hacked, and over 87 million records of user information have been stolen.

Apparently the attack took place on October 20th, 2016, but the news went out only recently, on the 5th of December, so for more than one month the data probably have been circulating all over the world.

What has been stolen?

The hacked data consists of more than 87 million email addresses and usernames. About 20% of these accounts had also hashed passwords linked to them.
The password were protected using the Bcrypt algorithm, which is a very secure algorithm, so don’t worry, even if your data has been stolen, is very unlikely that somebody could decrypt your password.

Dailymotion woke up on the 6th of December, saying to have learned that the passwords of a number of accounts were compromised due to an external security problem, and that the hack seems to be limited and puts no personal data at risk.

What should you do now?

If you are a Dailymotion user, and you have an account with them, we suggest you to change your password, following these steps:

• Sign into your account at dailymotion.com
• Use the drop-down menu in the upper right corner to access your settings.
• Select Account Settings.
• Enter a new password and save the changes.

How to avoid problems in the future?

Many companies suggest a password manager, in order to be able to use long and complex passwords.
We don’t think this is a good strategy, what if someone hacks your password manager? Are password managers secure?
The ideal would be to use long and complex passwords, and remember them without using a password manager software, but this is a very troublesome solution.
So what?
All of these web “giants” like Dailymotion, Yahoo, Facebook, Google, expect you to give them your real data. But are they able to guarantee the safety of your data? We don’t think so. So we suggest to don’t give them your real data when you register to their services, unless strictly necessary.