DailyQuiz 8.3 Million Users Plaintext Passwords Exposed
Breach and Leak Report: DailyQuiz has 13 million users. A hacker breached its database and stole the content sometimes. Since early 2021, 8.3 million users' personal data are listed for sale on the dark web.
| Learn how to check breach in 5 minutes |
| Tips about Data Breach |
| By Jackson White | Back to Breach List |
DailyQuiz 8.3 Million Users Plaintext Passwords Exposed
Users go to DailyQuiz.me to share quizzes with others, the result is some others are sharing their passwords. We don't point a finger at anyone who enjoys sharing. But the DailyQuiz.me, which website is closed, disappointed the users who created an account on it.
The personal information includes:
DailyQuiz (formerly known as ThisCrush) has admitted to the security breach but cannot do more for the victims and did not uncover more valuable information about the security incident.
If you were a user of the website, you can check if your personal details were exposed in the site’s security breach from keepds.com's search panel, which is powered by Have I Been Pwned.
DailyQuiz actually stored users' passwords in plaintext. It's a huge mistake in view of information security. The real risk is due to the plaintext passwords.
DailyQuiz itself isn't a huge value object, but cybercriminals can use the email and password combination to carry out credential stuffing attacks — where they check a person’s DailyQuiz username/email and password combination at other online services in an attempt to hijack other accounts.
Credential stuffing attack by plaintext passwords is a common way to crack hashed passwords without having to expend huge computational and financial resources.
So, if you are DailyQuiz.me user and know your data are leaked.
If your password is reused on other websites, you should change them right away. Accounts tied to social media profiles or that hold any type of financial information should be checked and updated first.
Breach Detail
DailyQuiz has 13 million users. A hacker breached its database and stole the content sometimes. Since early 2021, people see 8.3 million users' personal data listed to sell on the dark web.The personal information includes:
- plaintext password
- IP addresses
DailyQuiz (formerly known as ThisCrush) has admitted to the security breach but cannot do more for the victims and did not uncover more valuable information about the security incident.
If you were a user of the website, you can check if your personal details were exposed in the site’s security breach from keepds.com's search panel, which is powered by Have I Been Pwned.
DailyQuiz actually stored users' passwords in plaintext. It's a huge mistake in view of information security. The real risk is due to the plaintext passwords.
What DailyQuiz Users to Do
Search Email/Password BreachDailyQuiz itself isn't a huge value object, but cybercriminals can use the email and password combination to carry out credential stuffing attacks — where they check a person’s DailyQuiz username/email and password combination at other online services in an attempt to hijack other accounts.
Credential stuffing attack by plaintext passwords is a common way to crack hashed passwords without having to expend huge computational and financial resources.
So, if you are DailyQuiz.me user and know your data are leaked.
If your password is reused on other websites, you should change them right away. Accounts tied to social media profiles or that hold any type of financial information should be checked and updated first.