Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Weebly data breach affected more than 43 million customers

Weebly, a San Francisco-based Drag-n-Drop website creator, will start sending notification letters to all of their customers due to a data breach. Another data breach is in the headlines, Weebly and Foursquare are the latest victims of the massive data breaches. According to data breach notification site LeakedSource, hackers compromised details for over 43 Million users. […]

Weebly data breach affected more than 43 million customers

Weebly, a San Francisco-based Drag-n-Drop website creator, will start sending notification letters to all of their customers due to a data breach.

Another data breach is in the headlines, Weebly and Foursquare are the latest victims of the massive data breaches.

According to data breach notification site LeakedSource, hackers compromised details for over 43 Million users.

“Well known San-Francisco based “drag-n-drop” website creator Weebly.com had information on 43,430,316 users leaked from its main database in February of 2016. This database was provided to us by an anonymous source.” reads the blog post published by LeakedSource.
“Each record in this mega breach contains a username, email address, password, and IP address.”

The company confirmed the data breach, it also informed LeakedSource that it has started notifying affected customers and initiated password reset process.

LeakedSource also provided details of the cyber attack that seems to be dated back to February 2016, confirming the massive impact of the incident.

“This mega breach affects not only tens of millions of users but tens of millions of websites and with Weebly being one of the most popular hosting platforms in the world, this breach could have been far more disastrous in the wrong hands had they not strongly hashed passwords.”

weebly

Weebly stored the password with uniquely salted Bcrypt hashing making it hard for attackers to obtain user’s actual password.

“Weebly recently became aware that an unauthorized party obtained email addresses and/or usernames, IP addresses and encrypted (bcrypt hashed) passwords for a large number of customers,” the company said.

“At this point, we do not have evidence of any customer website being improperly accessed. We do not store any full credit card numbers on Weebly servers, and at this time we’re not aware that any credit card information that can be used for fraudulent charges was part of this incident.”

Weebly is the last company that joined the list of massive data breaches recently revealed, a log list that includes IT giants like LinkedIn, MySpace, VK.com, Dropbox, and Yahoo.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – data breach, hacking)