San Francisco-based Weebly.com, a “drag-n-drop” website creator, has seen its main database breached, leaking the details of over 43 million users in an incident from February 2016, it has been revealed.
Weebly, a popular San Francisco-based website creator that has helped generate websites for over 40 million people since 2007, will soon begin notifying customers of a breach that affects all of its users.
Altogether, the breach, which happened in February 2016, compromised the details of 43,430,316 customers.
The details of the breach only came to light after breach-resource website LeakedSource publicized the news in a recent post. Compromised data includes usernames, passwords, email addresses and IP information of registered users.
The company confirmed the breach in a statement, saying:
Weebly recently became aware that an unauthorized party obtained email addresses and/or usernames, IP addresses and encrypted (bcrypt hashed) passwords for a large number of customers. At this point we do not have evidence of any customer website being improperly accessed.
To Weebly’s credit, LeakedSource added that the company’s co-founder and CTO, Chris Fanini, has responded to its requests for communication and begun working with the breach database resource to remedy the matter.
Crucially, Weebly stored passwords using bcrypt hashing with unique salts, which holds up better than the password storage methods seen in most other prominent breaches.
“This method of storing passwords gets a 7.5 out of 10 from us because there is lots of room for improvement but far from the worst we’ve seen,” said LeakedSource.
This breach, however, is even more significant as the stolen credentials not only impact tens of millions of users, but also tens of millions of websites hosted on the Weebly platform.
[T]his breach could have been far more disastrous in the wrong hands had they not strongly hashed passwords.
News of the Weebly breach is only the latest in the trend of ever-increasing mega-breaches. It has to be said: change your password if you haven’t done so recently.