Weebly data breach affected more than 43 million customers

Weebly, a San Francisco-based Drag-n-Drop website creator, will start sending notification letters to all of their customers due to a data breach.

Another data breach is in the headlines, Weebly and Foursquare are the latest victims of the massive data breaches.

According to data breach notification site LeakedSource, hackers compromised details for over 43 Million users.

“Well known San-Francisco based “drag-n-drop” website creator Weebly.com had information on 43,430,316 users leaked from its main database in February of 2016. This database was provided to us by an anonymous source.” reads the blog post published by LeakedSource.
“Each record in this mega breach contains a username, email address, password, and IP address.”

The company confirmed the data breach, it also informed LeakedSource that it has started notifying affected customers and initiated password reset process.

LeakedSource also provided details of the cyber attack that seems to be dated back to February 2016, confirming the massive impact of the incident.

“This mega breach affects not only tens of millions of users but tens of millions of websites and with Weebly being one of the most popular hosting platforms in the world, this breach could have been far more disastrous in the wrong hands had they not strongly hashed passwords.”

Weebly stored the password with uniquely salted Bcrypt hashing making it hard for attackers to obtain user’s actual password.

“Weebly recently became aware that an unauthorized party obtained email addresses and/or usernames, IP addresses and encrypted (bcrypt hashed) passwords for a large number of customers,” the company said.

“At this point, we do not have evidence of any customer website being improperly accessed. We do not store any full credit card numbers on Weebly servers, and at this time we’re not aware that any credit card information that can be used for fraudulent charges was part of this incident.”

Weebly is the last company that joined the list of massive data breaches recently revealed, a log list that includes IT giants like LinkedIn, MySpace, VK.com, Dropbox, and Yahoo.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – data breach, hacking)