Popular video sharing platform DailyMotion announced it has become the victim of a credential stuffing attack. According to an email sent to affected customers, the attack started over the weekend beginning January 19.
DailyMotion is one of the most popular video-sharing sites and is ranked number 134 on the Alexa traffic ranking.
What is Credential Stuffing?
A few sites have had problems with these attacks in recent months. Credential stuffing is a security term used to describe hackers gaining access to sites with leaked usernames and passwords. The credentials are usually obtained from other sites and then used to try and gain access to different sites.
According to the email from DailyMotion, the attack was successful in some cases. It confirmed that hackers were able to gain access to a limited number of accounts.
Discovery of the Attack
The video platform said its security team discovered the attack and took steps to block it. From last Saturday, the company has been logging off users it believes were affected and resetting their passwords.
The company sent an email to affected customers, with a link to reset their passwords. They also notified CNIL (Commission nationale de l’informatique et des libertés) The CNIL is France’s data privacy unit, and all companies in France are required to inform them under GDPR legislation.
Other companies have suffered credential stuffing attacks in recent months. In September, Ad Blocker company AdGuard became a victim. In November, global bank HSBC and restaurant chain Dunkin’ Donuts were also attacked.
Two weeks ago, social platform Reddit announced that it had become a victim. They stated hackers had gained access to some accounts following the attack.
DailyMotion suffered a previous security attack in 2016. On this occasion, a hacker managed to steal 85.2 million unique email addresses and usernames. They also took 18.3 million passwords from users accounts.