Security News Dailymotion urges users to reset passwords in wake of possible breach

frogboy

Breach notification service LeakedSource has added information about over 87 million Dailymotion users to its search index.
The information includes 87+ million email addresses, user IDs, and over 18 million associated passwords. It was apparently stolen in a breach that happened around October 20, 2016.

The passwords have been put through the bcrypt hashing algorithm, so they can’t be easily cracked. LeakedSource said they won’t attempt to crack them, but told Bleeping Computer that “a determined hacker who wants to crack one person’s hash may still be able to.”

Dailymotion has advised users to reset their passwords, just to be on the safe side.

“When defining a new password we recommend that your new password contains eight or more characters, is not obvious (EG: password1234), and not to use the same password on multiple sites,” the company said. “If you use Dailymotion in your app or services through the oAuth2 grant_type=password you should update your app or services with your new password.”

The company has not confirmed that they have been breached, but simply said that it has come to their attention that passwords for a certain number of accounts might have been compromised.

“The hack appears to be limited, and no personal data has been compromised,” they added.

Hats off to Dailymotion for keeping the passwords well secured, and for promptly acknowledging the possibility of risk for some account holders.

“The breach at Dailymotion may not be catastrophic (since the passwords retrieved were protected with bcrypt), but users who had their details compromised should be on the lookout for subsequent attacks,” warns Vishal Gupta, CEO of Seclore.

“The algorithm protecting the passwords could theoretically be cracked, however, the greater risk lies in targeted phishing campaigns. Oftentimes following a breach, cybercriminals will send out fraudulent messages purporting to come from the affected organization, in a last-ditch attempt to retrieve valuable data from users. This data is then used to carry out additional attacks, often targeted at bank accounts, healthcare portals, and other sources of sensitive information.”

Full article: Dailymotion urges users to reset passwords in wake of possible breach - Help Net Security
 

DardiM

"Dailymotion urges users to reset passwords in wake of possible breach"
=> Who's the next company to "confess" that? :D

"The company has not confirmed that they have been breached, but simply said that it has come to their attention that passwords for a certain number of accounts might have been compromised".
over 87 million Dailymotion users
=> How to minimize the problem :rolleyes:


It has already happened that when I wanted to register on a website I got these messages:
- "Your password is too long" (without saying the max length...)
=> after multiple attempts : "only digits are allowed"
=> ok, modified : "Your password is too small"

=> ... hasta la vista ... website
 

MalwareBlockerYT

> "Dailymotion urges users to reset passwords in wake of possible breach"
> => who's next company to "confess" that ? :D
>
> "The company has not confirmed that they have been breached, but simply said that it has come to their attention that passwords for a certain number of accounts might have been compromised".
> => How to minimize the problem :rolleyes:
>
> It has already happened that when I wanted to register on a website I had these messages :
> - "Your password is too long " (without saying the max length...)
> => after multiple attempts : "only digits are allowed"
> => ok, modified : "Your password is too small"
>
> => ... hasta la vista ... website

I really hate websites that limit your passwords to a max character length of, for example, 16... I want to make a 75-character password, so why don't you let me? Free will!
 

Terry Ganzi

Which of the following two passwords is stronger,
more secure, and more difficult to crack?

D0g.....................

PrXyc.N(n4k77#L!eVdAfp9

You probably know this is a trick question, but the answer is: Despite the fact that the first password is HUGELY easier to use and more memorable, it is also the stronger of the two! In fact, since it is one character longer and contains uppercase, lowercase, a number and special characters, that first password would take an attacker approximately 95 times longer to find by searching than the second impossible-to-remember-or-type password!

ENTROPY: If you are mathematically inclined, or if you have some security knowledge and training, you may be familiar with the idea of the “entropy” or the randomness and unpredictability of data. If so, you'll have noticed that the first, stronger password has much less entropy than the second (weaker) password. Virtually everyone has always believed or been told that passwords derived their strength from having “high entropy”. But as we see now, when the only available attack is guessing, that long-standing common wisdom . . . is . . . not . . . correct!

Copied & pasted from: GRC's | Password Haystacks: How Well Hidden is Your Needle?
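
The search-space arithmetic behind the "95 times longer" figure, as an added example that is not part of this post or of the GRC page it quotes. The `padded_pattern_size` function is a hypothetical contrast model (an assumption of this example) for a searcher that anticipates padding, which is the case the qualifier "when the only available attack is guessing" excludes.

```python
import string

# Character classes of the 95 printable ASCII characters, as the haystack
# model counts them: 26 lowercase, 26 uppercase, 10 digits, 33 symbols.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " "]

# The two passwords from the post; the first is "D0g" padded with 21 dots.
FIRST = "D0g" + "." * 21
SECOND = "PrXyc.N(n4k77#L!eVdAfp9"

def alphabet_size(password):
    """Sum the sizes of every character class the password draws from."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))

def haystack_size(password):
    """Exhaustive-search space: every string of length 1..len(password)."""
    a = alphabet_size(password)
    return sum(a ** k for k in range(1, len(password) + 1))

def padded_pattern_size(password, min_run=4):
    """Candidates tried by a searcher that models 'short core + one repeated
    padding character' (hypothetical contrast model, not from the post).
    Returns None when the password does not end in such a padding run."""
    if not password:
        return None
    core = password.rstrip(password[-1])
    run = len(password) - len(core)
    if not core or run < min_run:
        return None
    # cores up to this length x 95 possible padding chars x run lengths 1..run
    return haystack_size(core) * 95 * run

if __name__ == "__main__":
    for pw in (FIRST, SECOND):
        print(f"{len(pw):2d} chars, alphabet {alphabet_size(pw)}, "
              f"haystack {haystack_size(pw):.3e}, "
              f"padded-pattern {padded_pattern_size(pw)}")
    print("ratio:", haystack_size(FIRST) // haystack_size(SECOND))
```

Under exhaustive search the padded password's space is 95 times larger, but under the padded-pattern model it falls to roughly 4.8e8 candidates, so the comparison only holds while the padding scheme itself is not anticipated.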
 

DardiM

> I really hate websites that limit your passwords to a max character length of for example 16... I want to make a 75 character passwords so why don't you let me? Free will!

Why 75 and not 76? ;)

The longest I used was 64 chars long, without a password manager, at boot time.
The problem I had the first time:
=> the tool that I used saved the chars as on a QWERTY keyboard, but I had entered them as AZERTY ... it took a long time to successfully type the correct 64 chars - with modifications (hidden when entering the password, system encrypted)
 

MalwareBlockerYT

> Why 75 and not 76 ? ;)
>
> The longest I used was a 64 chars long without password manager at boot time.
> The problem I had the first time :
> => the tool that I used saved the chars as a qwerty keyboard, but I have entered them as azerty .... it took a long time to successfully write the good 64 chars - with modifications (hidden when entering the password, system encrypted)

Next time I will make it 76!

And damn that must have been fun :D
 

DardiM

> Which of the following two passwords is stronger,
> more secure, and more difficult to crack?
>
> D0g.....................
>
> PrXyc.N(n4k77#L!eVdAfp9
>
> You probably know this is a trick question, but the answer is: Despite the fact that the first password is HUGELY easier to use and more memorable, it is also the stronger of the two! In fact, since it is one character longer and contains uppercase, lowercase, a number and special characters, that first password would take an attacker approximately 95 times longer to find by searching than the second impossible-to-remember-or-type password!
>
> ENTROPY: If you are mathematically inclined, or if you have some security knowledge and training, you may be familiar with the idea of the “entropy” or the randomness and unpredictability of data. If so, you'll have noticed that the first, stronger password has much less entropy than the second (weaker) password. Virtually everyone has always believed or been told that passwords derived their strength from having “high entropy”. But as we see now, when the only available attack is guessing, that long-standing common wisdom . . . is . . . not . . . correct!
>
> Copied & pasted from: GRC's | Password Haystacks: How Well Hidden is Your Needle?

Nice post and explanation :)

But if we prefer penguins ? :D
/DardiM has disconnected
 

jamescv7

I know the feeling where security employees are having a hard time implementing strong mechanisms; however, attacks can come from nowhere and will suddenly infect no matter what the circumstances.
 
