Hackers have managed to steal information associated with more than 43 million accounts belonging to customers of Weebly, a San Francisco-based web hosting service that provides a drag-and-drop website builder.
According to LeakedSource, the attackers stole 43,430,316 accounts after breaching the company’s systems in February. The compromised information includes usernames, email addresses, IP addresses and password hashes.
Weebly has been in touch with LeakedSource and confirmed that the exposed information is genuine. The company has notified affected users and reset their passwords. On its website, Weebly claims to have more than 40 million users, which indicates that the breach has affected a large majority, if not all, of its customers.
Weebly is still trying to determine the cause of the breach, but the company says it has already started improving network security. In addition to resetting passwords, it has introduced a new feature that allows users to monitor their most recent login history for unauthorized access.
There is no evidence that Weebly users’ customers are affected and the hosting service says it does not store full credit card numbers or other financial information. Users have been warned about the risks of password reuse and the possibility that cybercriminals could leverage this incident for phishing campaigns.
The breach appears to affect users who registered accounts prior to March 1, 2016. Fortunately, in a majority of cases, passwords have been protected using bcrypt with a cost factor of 8 and unique salts, which makes them difficult to crack. The passwords for accounts created before June 2011 and not used recently were hashed with MD5, but Weebly says only a small number of customers fall into this category.
continue reading: SecurityWeek.com