DatPiff Data Breach Has an Impact on Millions of People, Have I Been Pwned Warns
Apparently Multiple Passwords of the Online Distribution Platform Have Been Put for Sale Online.
A DatPiff data breach is currently impacting many people, as reportedly approximately 7.5 million DatPiff members’ passwords have been put up for sale online. To check if you’re one of the victims, you can use the Have I Been Pwned service.
About the DatPiff Data Breach
According to BleepingComputer, July 2020 was the first time when the DatPiff database was sold both privately and publicly on hacking forums. The database under discussion includes records of 7,476,940 members consisting of data like email address, credentials (username and password) along security questions.
Another selling attempt of the same database was noticed on November 30 when a different breach collector was using the same hacking forum to sell the information. What was interesting this time was that the passwords were dehashed, this meaning that they included emails addresses and the passwords in plaintext form.
What followed next was that a different hacker made it possible for any other threat actor to make use of the data as this released it for free.
The reason why those passwords included in the database could be cracked was that they were hashed by means of the MD5 algorithm by Datpiff. This type of algorithm stands for a cryptographic hash function dating from 1992 and is regarded as insecure in the matter of password safety.
There are two ways in which hackers could dehash the MD5 passwords: either by comparing the hashes to common wordlists of MD5 or by obtaining them through brute force attacks with cracking tools.
What Is DatPiff?
DatPiff stands for an online distribution platform with its headquarters in Pennsylvania. The platform appeared back in 2005 with a focus on music genres like rap, hip-hop, or urban. Basically, it is a service that lets users who are not registered either download or upload for free different samples.
What Is a Hash?
A hash is a string of characters generated by a hash function. Hashes are often used to index and uniquely identify data sets and files, such as strings in a database or files in a computer storage system.
Hashes allow quick determination of whether the data set or file has been changed since the last time it was produced. This is because each file’s or data set’s hash will be different if even just one character has changed in the source text.
Recommendations for DatPiff Users
For the moment, there is no DatPiff official statement published on this topic, however, meanwhile, users can take some basic measures.
Users with old accounts on this platform should reset their passwords and change them into stronger and harder-to-decipher ones.
Credential stuffing attacks can also be prevented when avoiding using the same passwords for multiple websites.
The members of the DatPiff platform can use the Have I Been Pwned service to fill out their passwords and see if they are among the impacted people.