You are currently viewing DailyMotion discloses credential stuffing attack

DailyMotion discloses credential stuffing attack

Credentials stuffing is a security term that describes a type of cyber-attack where hackers take combinations of usernames and passwords leaked from other sites and use them to gain illegal access on accounts on another site.

Do not let cyber criminals gain access to your important files. Protect your privacy with the next-generation of cloud storage and sharing solutions – SkyFlok.

Our innovative technology protects your data by spreading it across multiple locations. If an attacker wants to compromise your files he/she needs to compromise multiple locations before having a chance to look at your data. Join us!

Video sharing platform DailyMotion announced on Friday that it was the victim of a credential stuffing attack, ZDNet has learned.

According to an email sent out to impacted customers, and seen by ZDNet, the credential stuffing started last weekend, on January 19, and appears to have been successful in some cases, with hackers gaining access to a limited number of accounts.

The company said its security team discovered the attack and it took “all necessary steps” to block it. Since last Saturday, the company has been logging off users who it believes were impacted and resetting their passwords.

The email sent to all affected customers contains a link for users to reset their password and regain control of their account.

The French company has also notified CNIL (Commission nationale de l’informatique et des libertés), France’s data privacy watchdog, as demanded by Europe’s new GDPR legislation.

A DailyMotion spokesperson did not reply to a request for comment ZDNet sent on Saturday, January 26, seeking additional details.

DailyMotion isn’t the only company that has suffered a credential stuffing attack in the past few months. Ad blocker company AdGuard suffered one in September, and so did banking giant HSBC and restaurant chain Dunkin’ Donuts in November.

The latest victim was Reddit, who only two weeks ago announced that hackers had gained illegal access to some accounts following a credential stuffing attack.

In December 2016, DailyMotion also disclosed a major security breach after a hacker stole 85.2 million unique email addresses and usernames from the company’s systems, along with the passwords for 18.3 million accounts.

The video-sharing site remains one of the most visited websites on the internet, currently ranked #134 on the Alexa traffic ranking.