Website Builder Weebly Breached; 43 Million Users at Risk
Posted by: Timothy Weaver on 10/26/2016 12:54 PM
[
Comments
]
The free website builder Weebly has suffered a data breach that has put 43 million users personal information at risk.
On Oct. 20th, LeakedSource.com published the database that contained 43,430,316 Weebly users' information. The data included username, email address, password, and IP addresses.
LeakedSource said the breach could have been much worse:
"This mega breach affects not only tens of millions of users but tens of millions of websites and with Weebly being one of the most popular hosting platforms in the world, this breach could have been far more disastrous in the wrong hands had they not strongly hashed passwords."
As far as password security, Weebly used a salted Bcrypt hash with a factor of 8. It has since changed it to 10 to be more secure.
Weebly co-founder Chris Fanini has sent out the following information:
"Weebly recently became aware that an unauthorized party obtained email addresses and/or usernames, IP addresses and encrypted (bcrypt hashed) passwords for a large number of customers.
"At this point, we do not have evidence of any customer website being improperly accessed. We do not store any full credit card numbers on Weebly servers, and at this time we’re not aware that any credit card information that can be used for fraudulent charges was part of this incident."
In spite of the strong password security, users are still being cautioned to change their passwords.
Source: Graham Cluley
On Oct. 20th, LeakedSource.com published the database that contained 43,430,316 Weebly users' information. The data included username, email address, password, and IP addresses.LeakedSource said the breach could have been much worse:
"This mega breach affects not only tens of millions of users but tens of millions of websites and with Weebly being one of the most popular hosting platforms in the world, this breach could have been far more disastrous in the wrong hands had they not strongly hashed passwords."
As far as password security, Weebly used a salted Bcrypt hash with a factor of 8. It has since changed it to 10 to be more secure.
Weebly co-founder Chris Fanini has sent out the following information:
"Weebly recently became aware that an unauthorized party obtained email addresses and/or usernames, IP addresses and encrypted (bcrypt hashed) passwords for a large number of customers.
"At this point, we do not have evidence of any customer website being improperly accessed. We do not store any full credit card numbers on Weebly servers, and at this time we’re not aware that any credit card information that can be used for fraudulent charges was part of this incident."
In spite of the strong password security, users are still being cautioned to change their passwords.
Source: Graham Cluley
Comments
