Dailymotion credential stuffing attacks lasted more than 6 days

Following at least six days of credential stuffing attacks, video-sharing website Dailymotion said it stopped the threat but details are still unclear.

According to an announcement made Friday, Dailymotion was "subject to a large-scale computer attack aimed at compromising the data of its users." The attack was described as an automated credential stuffing campaign and as of the announcement on Friday the attacks were "still ongoing."

A Dailymotion spokesperson confirmed the "attack was successfully stopped over the weekend," but declined to offer more details.

An email sent to Dailymotion users regarding the credential stuffing attacks leaked on Twitter via Troy Hunt and shows the website's security team detected the incident on Jan. 19, meaning the attacks lasted for at least seven or eight days before being stopped.

Experts noted that attackers will often be careful with the volume of traffic in credential stuffing attacks in order to avoid detection, but none would speculate why an attack spanned so many days after being identified. It is unclear what -- if any -- mitigations Dailymotion had in place to prevent credential stuffing attacks, but experts said both enterprises and users need to work together to prevent similar attacks.

Martin Cannard, vice president of privileged access management product strategy at STEALTHbits Technologies, based in Hawthorne, N.J., said users need better education about password reuse.

"Software can help to identify anomalous logon activity, but to fix the root cause you need to make employees aware that the favorite password they have been using for years across all sites is an accident waiting to happen when it is breached," Cannard said. "Most users have 30 to 40 or even hundreds of online accounts; human beings like convenience. People go for the easy route and pick a secure password and use it everywhere. It doesn't matter how secure the password is if it is breached. Now attackers have the keys to your kingdom."

Franklyn Jones, chief marketing officer at Cequence Security, based in Sunnyvale, Calif., suggested enterprises need to have more visibility into their networks to prevent credential stuffing attacks.

"If the enterprise is a hyperconnected organization that relies on web, mobile and API apps to connect customers, partners and suppliers, they will likely be a target -- so that part is unavoidable. But to protect themselves from these types of attacks, they need to augment their existing security stack with tools that can visualize and analyze the specific traffic moving between remote clients and internal applications," Jones said. "Analysis of traffic flows provides insight into the underlying behavior and intent of an application request, which can help to quickly determine if the request is part of an automated bot attack."

Mark McClain, co-founder and CEO at SailPoint, added that access controls are also important in case an employee account is compromised in a credential stuffing attack.

"[Organizations should] ensure that your IT team has strong visibility into and governance over 'who has access to what' business applications and data. If an employees' user account is compromised, the IT team can quickly disable that user account before the hacker has time to steal sensitive company data," McClain said. "This is a critical element to enterprise security today as hackers have quickly realized that humans are the easiest way in to an organization today, as incidents like this one showcases."

Dailymotion has notified France's National Commission on Data Processing and Liberty (CNIL) in accordance with GDPR guidelines.