Image: DailyMotion
Video sharing platform DailyMotion announced on Friday that it was the victim of a credential stuffing attack, ZDNet has learned.
Credentials stuffing is a security term that describes a type of cyber-attack where hackers take combinations of usernames and passwords leaked from other sites and use them to gain illegal access on accounts on another site.
According to an email sent out to impacted customers, and seen by ZDNet, the credential stuffing started last weekend, on January 19, and appears to have been successful in some cases, with hackers gaining access to a limited number of accounts.
The company said its security team discovered the attack and it took “all necessary steps” to block it. Since last Saturday, the company has been logging off users who it believes were impacted and resetting their passwords.
The email sent to all affected customers contains a link for users to reset their password and regain control of their account.
The French company has also notified CNIL (Commission nationale de l’informatique et des libertés), France’s data privacy watchdog, as demanded by Europe’s new GDPR legislation.
A DailyMotion spokesperson did not reply to a request for comment ZDNet sent on Saturday, January 26, seeking additional details.
DailyMotion isn’t the only company that has suffered a credential stuffing attack in the past few months. Ad blocker company AdGuard suffered one in September, and so did banking giant HSBC and restaurant chain Dunkin’ Donuts in November.
The latest victim was Reddit, who only two weeks ago announced that hackers had gained illegal access to some accounts following a credential stuffing attack.
In December 2016, DailyMotion also disclosed a major security breach after a hacker stole 85.2 million unique email addresses and usernames from the company’s systems, along with the passwords for 18.3 million accounts.
The video-sharing site remains one of the most visited websites on the internet, currently ranked #134 on the Alexa traffic ranking.
More data breach coverage:
Real-time location data for over 11,000 Indian buses left exposed onlineMystery still surrounds hack of PHP PEAR websitePopular WordPress plugin hacked by angry former employeeAdvertising network compromised to deliver credit card stealing code
Online casino group leaks information on 108 million bets, including user detailsTwitter bug revealed private tweets for some Android users for almost five yearsMassive breach leaks 773 million email addresses, 21 million passwords CNET
Marriott reveals data breach affecting 500 million hotel guests TechRepublic
Related Topics:
Security TV
Data Management
CXO
Data Centers