October 21, 2016 by

Weebly Hack Sees 43 Million User Credentials Stolen

San Francisco-based Weebly.com, a “drag-n-drop” website creator, has seen its main database breached in a February 2016 incident that leaked the details of over 43 million users, it has been revealed.

Weebly, a popular San Francisco-based website creator that has helped generate websites for over 40 million people since 2007, will soon begin notifying customers of a breach that affects all of its users.

Altogether, the breach, which happened in February 2016, compromised the details of 43,430,316 customers.

The details of the breach only came to light after breach-resource website LeakedSource publicized the news in a recent post. Compromised data includes usernames, passwords, email addresses and IP information of registered users.

The company confirmed as much in a statement:

Weebly recently became aware that an unauthorized party obtained email addresses and/or usernames, IP addresses and encrypted (bcrypt hashed) passwords for a large number of customers. At this point we do not have evidence of any customer website being improperly accessed.

To their credit, LeakedSource added that the co-founder and CTO of Weebly, Chris Fanini, has responded to its requests for communication to begin working with the breach database resource to remedy the matter.

Crucially, Weebly stored passwords as uniquely salted bcrypt hashes, a method that holds up relatively better than most of the password storage techniques seen in other prominent breaches.

“This method of storing passwords gets a 7.5 out of 10 from us because there is lots of room for improvement but far from the worst we’ve seen,” said LeakedSource.

This breach, however, is even more significant as the stolen credentials not only impact tens of millions of users, but also tens of millions of websites hosted on the Weebly platform.

LeakedSource added:

[T]his breach could have been far more disastrous in the wrong hands had they not strongly hashed passwords.

News of the Weebly breach is only the latest in the trend of ever-increasing mega-breaches. It has to be said: change your password if you haven’t already done so recently.


About the author


LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
