Heimdal

A DatPiff data breach is affecting many users: approximately 7.5 million DatPiff members’ passwords have reportedly been put up for sale online. To check whether you are one of the victims, you can use the Have I Been Pwned service.

About the DatPiff Data Breach

According to BleepingComputer, the DatPiff database was first sold, both privately and publicly, on hacking forums in July 2020. The database includes records of 7,476,940 members, consisting of data such as email addresses, credentials (usernames and passwords) and security questions.

A second attempt to sell the same database was noticed on November 30, when a different breach collector used the same hacking forum to sell the information. This time the passwords were dehashed, meaning that the data included email addresses and the passwords in plaintext form.

After that, a different hacker released the data for free, making it available to any other threat actor.

The passwords in the database could be cracked because DatPiff hashed them with the MD5 algorithm. MD5 is a cryptographic hash function dating from 1992 and is regarded as insecure for password storage.

There are two ways in which hackers could dehash the MD5 passwords: by comparing the hashes to common MD5 wordlists, or by recovering them through brute-force attacks with cracking tools.
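Why unsalted MD5 fell to wordlist comparison while a salted, slow hash does not, shown as an added Python example that is not code from the article or from DatPiff. The wordlist, the sample passwords and the PBKDF2 iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed sample wordlist: not taken from the DatPiff dump.
COMMON_PASSWORDS = ["123456", "password", "letmein", "mixtape2020"]
ITERATIONS = 600_000  # assumed PBKDF2 work factor; tune to your hardware


def md5_unsalted(password: str) -> str:
    """Legacy scheme as the article describes it: a bare, fast MD5 digest."""
    return hashlib.md5(password.encode()).hexdigest()


def pbkdf2_record(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Hardened scheme: random per-user salt plus a deliberately slow KDF."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def pbkdf2_verify(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = pbkdf2_record(password, salt)
    return hmac.compare_digest(digest, expected)


def exposed_by_lookup_table(stored_hex: str) -> Optional[str]:
    """Audit check: does a stored digest match a precomputed MD5 wordlist table?"""
    table = {md5_unsalted(word): word for word in COMMON_PASSWORDS}
    return table.get(stored_hex)


if __name__ == "__main__":
    # Two users with the same password get the same unsalted MD5 digest.
    alice, bob = md5_unsalted("letmein"), md5_unsalted("letmein")
    print("MD5: same password, same digest:", alice == bob)
    print("MD5: digest found in table as:", exposed_by_lookup_table(alice))

    # With per-user salts the digests differ and the table no longer matches.
    salt_a, rec_a = pbkdf2_record("letmein")
    salt_b, rec_b = pbkdf2_record("letmein")
    print("PBKDF2: same password, same digest:", rec_a == rec_b)
    print("PBKDF2: digest found in table as:", exposed_by_lookup_table(rec_a.hex()))
    print("PBKDF2: correct password verifies:", pbkdf2_verify("letmein", salt_a, rec_a))
```

The per-user salt defeats precomputed tables, and the iteration count raises the cost of every brute-force guess.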

What Is DatPiff?

DatPiff is an online distribution platform with its headquarters in Pennsylvania. The platform appeared in 2005 with a focus on music genres such as rap, hip-hop and urban. It is a service that lets users who are not registered download or upload different samples for free.

What Is a Hash?

A hash is a string of characters generated by a hash function. Hashes are often used to index and uniquely identify data sets and files, such as strings in a database or files in a computer storage system.

Hashes make it quick to determine whether a data set or file has changed since its hash was last produced. This is because the hash of a file or data set will be different if even one character of the source text has changed.

Recommendations for DatPiff Users

For the moment, DatPiff has not published an official statement on this topic. In the meantime, users can take some basic measures.

Users with old accounts on this platform should reset their passwords, choosing stronger and harder-to-decipher ones.

Credential stuffing attacks can also be prevented by not using the same password on multiple websites.

Members of the DatPiff platform can enter their passwords into the Have I Been Pwned service to see whether they are among the impacted people.


Author Profile

Andra Andrioaie

Security Enthusiast


Hi! My name is Andra and I am a passionate writer interested in a variety of topics. I am curious about the cybersecurity world and what I want to achieve through what I write is to keep you curious too!
