DailyMotion hack exposes millions of accounts

Following the news that an unknown hacker has supposedly breached video sharing platform DailyMotion and stolen details for 87.6 million accounts, please see below for a comment from Lee Munson, security researcher at Comparitech.com:

“While some 85 million users may be sweating over the apparent breach of DailyMotion, the actual damage caused by the attack, if confirmed, is likely to be very small indeed.

“The reason for that is the fact that the site used bcrypt hashing to protect users’ passwords, making them extremely hard to crack.

“Even though the use of a strong hashing function is extremely good news, it does not guarantee that passwords cannot be extracted, meaning users should still seriously consider changing them anyway.

“On a slightly more negative note, it does appear that email addresses may have been compromised though – DailyMotion account holders should therefore be on their guard against targeted attacks, especially phishing emails which may come their way, asking them to click on a link to update their passwords!

“Also concerning, if the breach is confirmed, is the fact that the attack is believed to have occurred on 20 October, giving the attacker(s) plenty of opportunity to make good use of any stolen credentials long before any official word comes from DailyMotion itself.”