The password of one of Dailymotion's administrators was accessible in cleartext on the GitHub development platform. This provided the opportunity to remotely access the Dailymotion database and extract users' personal data.
During an inspection carried out by the CNIL on the company's premises, the company indicated that the data breach resulted from an attack carried out in several stages and that it had affected 82.5 million email addresses as well as 18.3 million encrypted passwords.
The restricted formation of the CNIL imposed a financial penalty of 50,000 euros, considering that the company had failed in its obligation to secure personal data, in violation of Article 34 of the Data Protection Act.
While stressing that the attack suffered by the company was sophisticated, the restricted formation nevertheless noted that this attack could not have succeeded if certain basic security measures had been put in place. In its decision, the restricted formation took into account that only email addresses and encrypted passwords were extracted.
In view of the very large amount of data involved and the need to educate data controllers, the CNIL's restricted formation decided to make this decision public.