Dailymotion has been breached, with the hackers making off with 85 million accounts.
The video hosting service, the 113th most popular site on the internet, was robbed of its users' usernames, emails and, for many, hashed passwords.
First reported by the breach notification database LeakedSource.com, the breach was apparently carried out around 20 October.
Alongside the 85 million usernames and emails, 18 million hashed passwords were taken. As some have noted, those passwords were hashed with bcrypt, a notably resilient password-hashing algorithm, which will make them harder and slower to crack.
Ilia Kolochenko, CEO of web security firm High-Tech Bridge, told us that he suspects an insecure web application was at fault here: "By examining currently available information about the incident, we can suggest that an insecure web application was probably at the origins of the breach."
"The Gartner Hype Cycle for Application Security 2016 says that applications, not infrastructure, represent the main attack vector for data exfiltration. As we can see by this example, even the largest companies fail to properly protect their web applications, putting their users at great risk."
Kolochenko added that we should expect "mass spear-phishing attacks combined with password re-use, which will allow cyber-criminals to compromise many different accounts belonging to the victims. The main wave may come just before or during Christmas shopping – when people are stressed and less attentive, while attackers will have enough time to carefully prepare their campaigns."
Dailymotion did not respond to a request for comment in time for publication.
This article originally appeared at scmagazineuk.com