Home Cyber Attack Video Sharing Platform DailyMotion Falls Victim To Credential Stuffing Attack

Video Sharing Platform DailyMotion Falls Victim To Credential Stuffing Attack

by Abeerah Hashim
DailyMotion credential stuffing

After meddling with a number of social networks, it seems the hackers have moved their focus to video-sharing platforms as well. Reportedly, DailyMotion – a popular platform for videos – has become the recent victim of cyber attack. The firm confirmed that it endured credential stuffing attack that affected some accounts.

DailyMotion Falls Victim To Credential Stuffing Attack

The famous video-sharing platform DailyMotion has suffered a credential stuffing attack. The firm has confirmed the event in an email to its customers.

Allegedly, the attack on the French platform DailyMotion started on January 19, 2019, and has affected limited accounts. The company’s IT security team discovered the attack and took all the necessary steps to block the attempt. The firm began informing its customers via email since Friday. They are also logging off the affected users and are resetting their passwords as a security measure.

This isn’t the first time that DailyMotion suffered a cyber attack. In 2016, the company suffered a similar attack affecting more than 85 million accounts.

Credential Stuffing – A Continuous Threat

The hackers have a particular interest in knowing the login credentials, as they can exploit the obtained usernames and passwords for a number of malicious purposes. The most common of these exploits include gaining access to other accounts since most internet users have a bad habit of using the same credentials across various platforms. That’s why credential stuffing attacks have long been a threat to almost all websites.

In the past, various platforms have suffered credential stuffing attacks and have reset passwords. Some of these include the famous Dunkin Donuts, DoorDash – a food delivery firm, the UK railway service Eurostar, and the IT firm Dell, AdGuard also reset customer passwords after it suspected credential stuffing via some other websites.

Just recently, HIBP has uploaded a huge database of millions of breached email addresses and passwords to its records. Reportedly, the database includes new breached information from over 2000 databases so you may want to check and see if you have been affected if you have yet to do so.

Let us know your thoughts in the comments section.

You may also like

Latest Hacking News

Privacy Preference Center

Necessary

The __cfduid cookie is used to identify individual clients behind a shared IP address and apply security settings on a per-client basis.

cookie_notice_accepted and gdpr[allowed_cookies] are used to identify the choices made from the user regarding cookie consent.

For example, if a visitor is in a coffee shop where there may be several infected machines, but the specific visitor's machine is trusted (for example, because they completed a challenge within your Challenge Passage period), the cookie allows Cloudflare to identify that client and not challenge them again. It does not correspond to any user ID in your web application, and does not store any personally identifiable information.

__cfduid, cookie_notice_accepted, gdpr[allowed_cookies]

Advertising

DoubleClick by Google refers to the DoubleClick Digital Marketing platform which is a separate division within Google. This is Google’s most advanced advertising tools set, which includes five interconnected platform components.

DoubleClick Campaign Manager: the ad-serving platform, called an Ad Server, that delivers ads to your customers and measures all online advertising, even across screens and channels.

DoubleClick Bid Manager – the programmatic bidding platform for bidding on high-quality ad inventory from more than 47 ad marketplaces including Google Display Network.

DoubleClick Ad Exchange: the world’s largest ad marketplace for purchasing display, video, mobile, Search and even Facebook inventory.

DoubleClick Search: is more powerful than AdWords and used for purchasing search ads across Google, Yahoo, and Bing.

DoubleClick Creative Solutions: for designing, delivering and measuring rich media (video) ads, interactive and expandable ads.

doubleclick

Analytics

The _ga is asssociated with Google Universal Analytics - which is a significant update to Google's more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports. By default it is set to expire after 2 years, although this is customisable by website owners.

The _gat global object is used to create and retrieve tracker objects, from which all other methods are invoked. Therefore the methods in this list should be run only off a tracker object created using the _gat global variable. All other methods should be called using the _gaq global object for asynchronous tracking.

_gid works as a user navigates between web pages, they can use the gtag.js tagging library to record information about the page the user has seen (for example, the page's URL) in Google Analytics. The gtag.js tagging library uses HTTP Cookies to "remember" the user's previous interactions with the web pages.

_ga, _gat, _gid