Dailymotion, the online video streaming service have been hit by a large scale and ongoing credential stuffing attack resulting in compromising the data of several users.
Paris-based Dailymotion stated in a press conference that their technical support has successfully contained the attack by implementing measures to limit its scope. All the users who have been affected by the attack has been contacted and they have also informed the CNIL, the French federal agency which looks into data protection regulations. The company is logging off its users who is believed to have been impacted in the attack and are resetting their passwords.
The users are sent email which contains the link to reset the passwords and get access to their accounts.
Credential stuffing is a form of cyber-attack which is performed when an attacker tries to gain access to online websites or accounts using passwords which was already stolen earlier or leaked by unrelated web services. Usually this method becomes successful as many users register for services using the same credentials again and again.
When people tend to share the same password over multiple sites, performing credential stuffing attack becomes an easy task for the malicious actors. There are several password management tools available which makes it easier to generate and manage the passwords. Always make sure to use unique, strong passwords or passphrases and try not to use the same password against multiple accounts.
DailyMotion is not the only company that has been hit by a credential stuffing attack in the past few months. The recent victim was Reddit, who claimed that hackers had gained illicit access to some accounts following a credential stuffing attack.