
Weebly Breach Affects Over 43 Million Users

Hackers have managed to steal information associated with more than 43 million accounts belonging to customers of Weebly, a San Francisco-based web hosting service that provides a drag-and-drop website builder.

According to LeakedSource, the attackers stole 43,430,316 accounts after breaching the company’s systems in February. The compromised information includes usernames, email addresses, IP addresses and password hashes.

Weebly has been in touch with LeakedSource and confirmed that the exposed information is genuine. The company has notified affected users and reset their passwords. On its website, Weebly claims to have more than 40 million users, which indicates that the breach has affected a large majority, if not all, of its customers.

Weebly is still trying to determine the cause of the breach, but the company says it has already started improving network security. In addition to resetting passwords, it has introduced a new feature that allows users to monitor their most recent login history for unauthorized access.

There is no evidence that Weebly users’ customers are affected and the hosting service says it does not store full credit card numbers or other financial information. Users have been warned about the risks of password reuse and the possibility that cybercriminals could leverage this incident for phishing campaigns.

The breach appears to affect users who registered accounts prior to March 1, 2016. Fortunately, in a majority of cases, passwords have been protected using bcrypt with a cost factor of 8 and unique salts, which makes them difficult to crack. The passwords for accounts created before June 2011 and not used recently were hashed with MD5, but Weebly says only a small number of customers fall into this category.
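The hash formats mentioned above are worth being able to recognise in a password store. The following is an added example written for this page, not code from Weebly or from the article: it parses the bcrypt modular-crypt string (`$2b$08$` followed by a 22-character salt and a 31-character hash), reads out the cost factor, flags unsalted MD5 records for re-hashing, and shows why unsalted MD5 is weak (identical passwords yield identical digests) while a per-user salt breaks that. The sample records are constructed; bcrypt itself is not in the Python standard library, so the salted slow hash uses `hashlib.pbkdf2_hmac` as a stand-in and the `2**cost` iteration count is only an illustration of how a cost factor scales attacker work, not a claim that the two algorithms are equivalent.

```python
import hashlib
import os
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# bcrypt modular crypt format: $2a$/$2b$/$2y$, two-digit cost, then 22 salt chars
# and 31 hash chars in bcrypt's own base64 alphabet (./A-Za-z0-9).
BCRYPT_RE = re.compile(r"^\$(2[aby])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$")
# Raw, unsalted MD5 is stored as 32 hex characters.
MD5_HEX_RE = re.compile(r"^[0-9a-f]{32}$")


@dataclass
class HashInfo:
    scheme: str            # "bcrypt", "md5" or "unknown"
    cost: Optional[int]    # bcrypt cost factor, None for other schemes
    salted: bool
    needs_rehash: bool


def classify_hash(stored: str, min_cost: int = 10) -> HashInfo:
    """Classify one stored password hash and decide whether it should be re-hashed
    at the user's next login. Unsalted MD5 always needs re-hashing; bcrypt below
    min_cost (an assumed policy threshold) is flagged as well."""
    m = BCRYPT_RE.match(stored)
    if m:
        cost = int(m.group(2))
        return HashInfo("bcrypt", cost, True, cost < min_cost)
    if MD5_HEX_RE.match(stored.lower()):
        return HashInfo("md5", None, False, True)
    return HashInfo("unknown", None, False, True)


def bcrypt_work_factor(cost: int) -> int:
    """bcrypt performs 2**cost rounds of its expensive key setup, so every +1 on
    the cost factor doubles the work per guess for an attacker."""
    return 2 ** cost


def md5_unsalted(password: str) -> str:
    """Legacy scheme: same password -> same digest, so a precomputed table works."""
    return hashlib.md5(password.encode()).hexdigest()


def salted_slow_hash(password: str, salt: bytes, cost: int = 8) -> str:
    """Stand-in for bcrypt (assumption: uses stdlib PBKDF2-HMAC-SHA256, not bcrypt).
    A random per-user salt means equal passwords no longer share a digest, and the
    iteration count plays the role of the cost factor."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, bcrypt_work_factor(cost))
    return salt.hex() + "$" + dk.hex()


def audit(store: Dict[str, str], min_cost: int = 10) -> Dict[str, List[str]]:
    """Group usernames by the remediation their stored hash needs."""
    report: Dict[str, List[str]] = {"rehash_md5": [], "rehash_low_cost": [], "ok": []}
    for user, h in store.items():
        info = classify_hash(h, min_cost)
        if info.scheme == "md5":
            report["rehash_md5"].append(user)
        elif info.needs_rehash:
            report["rehash_low_cost"].append(user)
        else:
            report["ok"].append(user)
    return report


# Constructed sample store (not real Weebly data): one bcrypt cost-8 record, one
# bcrypt cost-12 record, and one unsalted MD5 record of the string "password".
SAMPLE_STORE = {
    "alice": "$2b$08$abcdefghijklmnopqrstuvABCDEFGHIJKLMNOPQRSTUVWXYZ01234",
    "bob":   "$2b$12$abcdefghijklmnopqrstuvABCDEFGHIJKLMNOPQRSTUVWXYZ01234",
    "carol": "5f4dcc3b5aa765d61d8327deb882cf99",
}

if __name__ == "__main__":
    print(audit(SAMPLE_STORE))
    # Same password, unsalted MD5: identical digests.
    print(md5_unsalted("password") == md5_unsalted("password"))
    # Same password, two random salts: different digests.
    print(salted_slow_hash("password", os.urandom(16)) == salted_slow_hash("password", os.urandom(16)))
```

With the default threshold, `audit(SAMPLE_STORE)` puts `carol` under `rehash_md5`, `alice` under `rehash_low_cost` (cost 8 is below the assumed minimum of 10) and `bob` under `ok`; in practice the re-hash happens transparently when the user next authenticates with the correct password, since the plaintext is only available then.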

“The Weebly cyber attack is unfortunately part of the broader and rapidly accelerating trend we are observing globally. Right now, most sophisticated cyber attackers are more than able to penetrate the perimeter of enterprise networks. They have many ways to attack the network and all they need is for one attempt to be successful. Once they are inside, the entire network is at risk,” TrapX co-founder Moshe Ben Simon told SecurityWeek.

“Our research shows that it is most critical for defenders to reduce the time to breach detection to almost real time. Current cyber defenses must be supplemented with new technologies and best practices that can identify attackers moving silently within the network. If you can find the attackers moving within the networks quickly, security operations teams can then move rapidly to shut the attack down and return to normal operations,” he added.

LeakedSource also reported obtaining information on nearly 59 million users stolen from Modern Business Solutions. The company said it was also provided 22 million user accounts allegedly stolen from FourSquare in December 2013.

LeakedSource has disclosed several mega breaches this year, including ones affecting Last.fm, Rambler, Mail.Ru, Social Blade and Dropbox.


Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.