LeakedSource.com, a repository of breached data, added DailyMotion to its list of “Hacked Sites” on Monday. The site, which operates a subscription service of sorts for leaked data, claims to have information on 87,610,750 users of the video sharing site. DailyMotion would not confirm how many accounts had been compromised. The stolen data includes users’ email addresses, usernames and encrypted passwords. The passwords are reportedly encrypted with the bcrypt hashing function, with 10 rounds of rekeying; something that should theoretically make them more difficult to decipher. While that doesn’t make the passwords uncrackable, it does means that doing so could be an arduous process.
In a blog post on Tuesday the Paris-based company DailyMotion urged its users to reset their password. The company called on partners who integrate the video service into their own apps or platforms with OAuth 2.0 authentication to enforce a password reset as well. “The security of your account is very important to us and we take all necessary steps to identify any shortcomings and addressed.
Therefore, as a precaution, we urge all our partners and users to reset now their passwords,” the post reads. As is the case with most early investigations into breaches, it’s unclear exactly how – and when – the breach occurred. Some reports claim the hack stems from an incident in October. Other reports claim about 20 percent of the leaked usernames, about 18 million, have a password attached.
The company did not immediately return requests for comment on Tuesday. DailyMotion receives a fraction of the traffic YouTube gets but is still viewed as as a competitor, at least in the video streaming world. Vivendi, a French media conglomerate, purchased a 90 percent stake in the 11-year-old company last year. Orange, a French telecommunication firm, owns the other 10 percent.
The breach is the latest in a long line of incidents this year. It was reported last month that 400 million users of Adult FriendFinder, Penthouse.com, and Stripshow.com had data stolen in October. Old and in many instances out of date credentials from social networks such as LinkedIn, Twitter, Myspace, and Tumblr have also found their way onto LeakedSource’s database this year as well. None of those breaches made headlines quite like Yahoo’s admission in September that 500 million customer records were stolen from its network in 2014. Verizon, who agreed to buy Yahoo’s web assets for $4.83 billion back in July, is still ironing out the details around the sale in wake of the breach.