Every day we seem to hear about new data breaches. Every day users are warned that their personal information may have been exposed, that they should reset their passwords, and tighten their security measures to prevent hackers from exploiting their details.
Today the concern is related to one of the world’s biggest video platforms. Dailymotion, where users upload, watch and share videos, has reportedly been hacked and the details of approximately 85 million users exposed.
Breach notification service LeakedSource, which most recently brought a mega breach at AdultFriendFinder to the public’s attention, obtained the data after the breach, which is thought to have happened in October.
As ZDNet reports, the good news is that most of the leaked account details do not have passwords attached.
The 18 million password details that have been exposed are hashed with bcrypt, meaning that cracking them should be much slower and more difficult than if an alternative algorithm such as SHA1 or MD5 had been used. If only more sites would take that precaution, we would probably all sleep a little easier in our beds.
Nonetheless, even those users who have not had their passwords made public would be wise to be careful, as online criminals could still use their email addresses and usernames to craft spear-phishing attacks or launch spam campaigns designed to steal further details or spread malware.
Now, you might not think the password for a video-watching website is that important. And, to be fair, it probably isn’t for most users.
But when you consider that so many people make the mistake of reusing passwords on different online services – some of which are much more critical than others – then you can begin to understand that even a breach at a non-critical site could have dramatic implications for you personally or professionally.
Don’t wait until the new year to make a resolution to improve your password practices. Make that first step today.
Get yourself a good password manager to securely store your passwords, randomly generate new ones, and consign weak and reused passwords to the dustbin. Where possible, enable multi-factor authentication in order to give hackers an additional hurdle to gain access to your account – in many cases it will be enough to stop them dead in their tracks and find a softer target.
Meanwhile, if you are an online business, take a close look at your web applications and consider whether they might contain flaws and vulnerabilities that a malicious attacker could exploit to siphon off private information about your customers.
And, of course, ensure that any sensitive information (such as your users’ passwords) is salted and hashed with a strong algorithm, so that even if there is a breach, the impact is minimised.
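A worked illustration of the difference the article draws between a fast unsalted hash and a salted, slow scheme, added here and not part of the original post. bcrypt itself is not in Python's standard library, so this assumes PBKDF2-HMAC-SHA256 from hashlib as the salted slow hash; the principle (a per-user salt plus a tunable work factor) is the same, and the function names, stored-record format and iteration count are my own choices.

```python
import hashlib
import hmac
import os
import timeit
from typing import Optional

# Work factor. bcrypt (what Dailymotion used) calls this a cost parameter;
# PBKDF2 expresses it as an iteration count. 200_000 is an assumed value.
ITERATIONS = 200_000


def weak_hash(password: str) -> str:
    """Unsalted MD5: the kind of storage the article warns against."""
    return hashlib.md5(password.encode()).hexdigest()


def make_hash(password: str, iterations: int = ITERATIONS,
              salt: Optional[bytes] = None) -> str:
    """Salted, deliberately slow hash. The stored string carries algorithm,
    iterations and salt so the record can be verified (and the work factor
    raised for new records) later."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iterations; compare in constant time."""
    try:
        algo, iters, salt_hex, digest_hex = stored.split("$")
        if algo != "pbkdf2_sha256":
            return False
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                     bytes.fromhex(salt_hex), int(iters))
    except ValueError:  # malformed record, bad hex or non-numeric iterations
        return False
    return hmac.compare_digest(digest.hex(), digest_hex)


def slowdown_factor(password: str = "hunter2", trials: int = 3) -> float:
    """Rough ratio of slow-hash time to MD5 time: how much more expensive
    each guess becomes for whoever obtains a leaked database."""
    fast = timeit.timeit(lambda: weak_hash(password), number=trials)
    slow = timeit.timeit(lambda: make_hash(password), number=trials)
    return slow / max(fast, 1e-9)


if __name__ == "__main__":
    # Two users who chose the same (constructed) password.
    print(weak_hash("hunter2") == weak_hash("hunter2"))   # True: identical, bulk-crackable
    a, b = make_hash("hunter2"), make_hash("hunter2")
    print(a == b)                                         # False: per-user salt
    print(verify("hunter2", a), verify("Hunter2", a))     # True False
    print(f"each guess is ~{slowdown_factor():.0f}x more expensive than MD5")
```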
by Graham Cluley, ESET We Live Security