A total of 87.6 million accounts belonging to 85 million users of the video site DailyMotion appear to have been obtained by hackers. That puts it ahead of the massive DropBox and Tumblr leaks on the all-time list.
Image: Lee Mathews
A copy of the database obtained by LeakedSource appears to contain valid email addresses and passwords. In many cases, the passwords were strongly hashed using the Bcrypt algorithm — a much better choice than the simple MD5 hashing reported;y used by xHamster.
Not in all cases, however. Plain text passwords are shown in the dump for around 18 million users. It’s not yet clear how those passwords were exposed. They could have been stored as plain text, or they could have been cracked by someone who had access to the data.
LeakedSource told BleepingComputer that they opted not to attempt any decryptions because it would have been “a waste of resources for us to crack them.” They added that “a determined hacker who wants to crack one person’s hash may still be able to.”
Several days passed before DailyMotion acknowledged the massive password dump, but they have since published a blog post on their site. At this point, they are only urging users to update their password — resets are not being forced at this point.
If you’re concerned that your own DailyMotion account has been compromised, then you should definitely change your password immediately… and if you’ve re-used that password on any other websites, change it there, too. You can also search LeakedSource to see if your account was listed in the dump.