Share this analysis

Dailymotion, Posh Market and others fall victim of data leaks.

14 February 2021
BREACHAWARE HQ
Video Sharing

A total of 8 breach events were found and analysed resulting in 96,298,360 exposed accounts containing a total of 8 different data types of personal datum . The breaches found publicly and freely available included Dailymotion, Posh Market, Alexander Hall, Elance and Pixlr. Sign in to view the full library of breach events which includes, where available, reference articles relating to each breach.

Categories of Personal Data Discovered

Contact Data, Technical Data, Socia-Demographic Data.

Data Breach Analysis

The breaches, found publicly and freely available, impacted a range of organisations from media platforms and creative marketplaces to freelance networks and online tools. Notable among the breached entities are Dailymotion, Posh Market, Alexander Hall, Elance, and Pixlr.

The scale of this data set, nearing 100 million records, points not only to the vast digital footprint individuals leave across platforms but also to the degree to which once-secure or trusted online services can become long-term vulnerabilities.

Dailymotion, a prominent video-sharing platform headquartered in France, was among the most recognisable names affected. Given the platform’s global reach, the data may involve users from multiple regions, compounding regulatory and reputational implications.

Although users may not consider Dailymotion high-risk in the same way as financial services, access to a video-sharing account still has value. An attacker could use compromised credentials to deface a profile, post misleading content, or redirect links to malicious destinations. For users with linked social identities or reused passwords, this breach could act as a pivot point to access other, more sensitive platforms.

Posh Market, may likely be referring to the secondhand fashion marketplace. Even without financial details, the exposure of user identities in a commerce-focused platform introduces several attack vectors. Fraudulent listings, impersonation, and phishing campaigns pretending to resolve disputes or deliveries are all viable threats. Users who rely on such platforms for side income may also face disruption to their operations and reputational harm if their profiles are used to scam others.

Alexander Hall is a less widely known name but appears in breach datasets linked to spam operations and digital marketing tools. It may refer to a database of marketing contacts or scraped consumer information used for targeted outreach. Breaches like these are often less visible to the public yet can be highly valuable to attackers and grey-market advertisers.

While such data might not include passwords, it can still be weaponised in spam campaigns, credential stuffing attacks, or more subtle social engineering efforts. Furthermore, individuals who appear in these types of databases are often unaware they’ve been indexed, leading to a lack of visibility or recourse when their information becomes part of breach corpuses.

Elance, a pioneering freelancing platform that has since merged with oDesk to become Upwork, represents a significant segment of digital labour history. Despite its discontinuation, old user data from Elance may still circulate online.

Freelancers who used Elance might have shared detailed resumes, portfolio links, and billing details, creating a rich target for impersonation. There’s also the possibility that legacy credentials from Elance are reused on current platforms like Upwork or Fiverr, especially among users who transitioned their accounts during the platform merger. Such historical breaches often go overlooked by users, making them attractive for long-term exploitation.

Pixlr, an online photo editing service, was also part of this breach analysis. Pixlr caters to both casual and semi-professional users looking for browser-based design tools. While photo editors may not seem high-value targets, platforms like Pixlr are integrated into the workflows of social media creators, marketers, and small businesses.

Access to such an account could allow an attacker to manipulate or erase work, alter branding materials, or embed malware into downloadable project files. More subtly, the breach illustrates how even peripheral tools, those not storing financial data or sensitive health records, can still become vectors in multi-platform attacks if users reuse credentials or connect accounts via OAuth or cloud storage.

The remaining three breaches in this dataset, while unnamed in the summary, round out a total breach footprint of over 96 million accounts and underscore the layered vulnerability of the modern web user. Across all eight breaches, the eight exposed data types allow for highly personalised profiling. Once core identifiers such as emails and usernames are matched across platforms, attackers can build digital dossiers that support phishing, impersonation, and fraud campaigns.

This set of breaches reflects another important dynamic: the longevity of data. Several of the platforms listed (Elance, older instances of Dailymotion, or Alexander Hall’s databases) may no longer be actively used by many individuals. Yet the information stored in them continues to circulate, and reused passwords or associated metadata can remain relevant for years. This persistence of risk long after a platform has been abandoned, rebranded, or merged is a defining feature of the breach ecosystem.

It’s also worth noting how breach impact is not always proportional to the platform's public visibility. A user might be highly vigilant with their banking login but dismissive of their login on a photo-editing tool or comment section. This mindset creates blind spots that attackers routinely exploit.

As breaches of this scale become part of the background noise of the digital world, the challenge shifts from prevention to long-term data hygiene and contextual awareness. Many users may never know that their information from a forgotten freelancing gig or a casual design tool sign-up is circulating in criminal forums.

  • Key Stats
  • BREACH EVENTS
    0
  • EXPOSED ACCOUNTS
    0
  • EXPOSED DATUM TYPES
    0