User IDs and email addresses for 87,610,750 accounts at the video sharing site Dailymotion were recently provided to the search engine Leaked Source. According to Leaked Source, the breach took place on October 20.
In 18.3 million cases, hashed passwords were also exposed, IT PRO reports.
Seclore CEO Vishal Gupta told eSecurity Planet by email that any user whose details were exposed should be on the lookout for attacks. “The algorithm protecting the passwords could theoretically be cracked, however the greater risk lies in targeted phishing campaigns,” he said.
“Oftentimes following a breach, cybercriminals will send out fraudulent messages purporting to come from the affected organization, in a last ditch attempt to retrieve valuable data from users,” Gupta added. “This data is then used to carry out additional attacks, often targeted at bank accounts, healthcare portals, and other sources of sensitive information.”
Still, that kind of targeting may have been what led to the Dailymotion breach in the first place — in a blog post published yesterday, the company implied that the accounts were exposed via password reuse, stating, “It has come to our attention that a potential security risk coming from outside Dailymotion may have [compromised] the passwords for a certain number of accounts.”
“The hack appears to be limited, and no personal data has been [compromised],” the company added.
In response, all Dailymotion users are being advised to change their passwords, and to choose a new password that’s unique and contains eight or more characters.
But improving consumer password security continues to be a challenge.
A recent Centrify survey [PDF] of 525 consumers found that while more than 70 percent of respondents claim to always think about their security and privacy when shopping online, just 32 percent always use different passwords for different websites.
Almost 14 percent admitted sharing passwords with friends and family so they can access their accounts, and almost 13 percent said they would accept a discount or special offer from a retailer in exchange for their passwords.
Just 52 percent of respondents always check that there’s a padlock icon in the browser before paying for items online.