A couple of days ago, a dataset of more than 85 million Dailymotion user accounts leaked online and was acquired by the breach notification service LeakedSource.
The leaked data from Dailymotion, a very popular French video sharing platform, contains millions of usernames, email addresses and hashed passwords.
In a recent update, Dailymotion acknowledged the situation and advised users to change their account password immediately. Although most passwords were hashed with bcrypt using ten rounds (cost factor), which makes them very hard for attackers to crack, Forbes reports that plain-text passwords are exposed for about 18 million users (roughly 20% of the leaked data set).
As part of our CyberLab daily activity, we continuously monitor the Internet for any new data breach that can affect our customers. We immediately reviewed our database after the breach and found that the Dailymotion app has programmatic access to 10% of the corporate domains in our sample. Many employees have granted the Dailymotion app access via their corporate credentials, connecting the app to cloud SaaS platforms. Each of these connections is a potential gateway that cybercriminals could exploit.
According to Gartner's 2016 Hype Cycle for Application Security, "applications, not the infrastructure, represent the main attack vector for data exfiltration". So although the access scopes granted to the app were fairly limited (email, basic info), we raised the CARI score (Cloud App Risk Index) for the Dailymotion app to Critical and emailed our customer base step-by-step instructions on how to revoke and ban the app from their corporate SaaS platforms.
Unfortunately, it looks like Dailymotion will not be the last of the major public platforms to be breached in the future. With the explosive growth of apps connected to corporate cloud platforms, it is more important than ever for corporations to recognize the risk and take action.