Web hosting service Weebly has confirmed a major data breach reported by LeakedSources.com.
How many victims? 43.4 million accounts
What type of information? Usernames, Email addresses, Passwords and IP addresses. Fortunately, the passwords were heavily encrypted.
What happened? LeakedSource.com acquired the stolen Weebly data from an anonymous source and reports that they were stolen from the company’s main database in February 2016.
What was the response? Weebly has responded by resetting passwords and sending out breach notification emails. In a company statement sent to SCMagazine, the company noted: “Weebly recently became aware that an unauthorized party obtained email addresses and/or usernames, IP addresses and encrypted (bcrypt hashed) passwords for a large number of customers,” It went further to say “At this point we do not have evidence of any customer website being improperly accessed. We do not store any full credit card numbers on Weebly servers, and at this time we’re not aware that any credit card information that can be used for fraudulent charges was part of this incident.” The statement went further to say: “Our security team, with support from outside security consultants, is working to protect our customers and to enhance our network protections. This includes initiating password resets, implementing new password requirements and a new dashboard that gives customers an overview of recent log-in history of their Weebly account to track account activity,”
Quote: “This mega breach affects not only tens of millions of users but tens of millions of websites and with Weebly being one of the most popular hosting platforms in the world, this breach could have been far more disastrous in the wrong hands had they not strongly hashed passwords,” – LeakedSource.com’s blog post.