Cyber Incident Victim: Dailymotion
Date:
Oct 2016
Location:
—
Summary
A major breach at the video-sharing platform DailyMotion resulted in the theft of 85.2 million unique email addresses and usernames, with approximately 18.3 million accounts also having associated passwords protected by bcrypt hashing. The attacker, whose identity remains unknown, exfiltrated the data, which was later obtained by a breach notification service. The company confirmed the incident and urged users to reset their passwords as a precautionary measure. Verification of a data sample confirmed its authenticity through matching plaintext passwords with hashed counterparts tied to specific email addresses. While the exposure of hashed passwords limited immediate risks due to bcrypt's resilience, the incident impacted a significant portion of the platform's user base.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On October 20, 2016, an unidentified hacker breached the systems of Dailymotion, a major global video-sharing platform ranked as the 113th most-visited website worldwide at the time. The attacker extracted 85.2 million unique email addresses and usernames from the company’s databases. Approximately 18.3 million of these accounts—representing one-fifth of the total—also contained associated passwords protected by the bcrypt hashing algorithm, which is designed to resist cracking attempts. The breach remained undisclosed until December 5, 2016, when LeakedSource, a breach notification service, obtained and publicized the stolen data. Dailymotion initially declined to comment when contacted by media on December 5 but acknowledged the incident in an official blog post the following day. The company stated it took security seriously and urged all users and partners to reset their passwords as a precautionary measure, though it did not specify how the breach was detected or whether law enforcement was involved.
ZDNet verified the authenticity of the stolen data by cross-referencing a sample provided by LeakedSource. Using an online tool, they confirmed that plaintext passwords matched the bcrypt-hashed versions associated with specific email addresses in the dataset. One tested account contained credentials unique to Dailymotion, confirming the data originated from the platform’s systems. Attempts to contact affected users listed in the sample yielded no responses before publication. The breach’s impact was partially mitigated by bcrypt’s robust password protection and the fact that only 21.5% of compromised accounts included password data. No evidence suggested financial information or other sensitive data beyond emails, usernames, and hashed passwords was exposed. Dailymotion did not disclose technical details about the attack vector, remediation steps, or whether third-party forensic investigators were engaged. The company’s public communication emphasized precautionary password resets but provided no further updates on the incident’s resolution or long-term security enhancements.