/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow Us/ciol/media/post_banners/wp-content/uploads/2016/10/4790012.jpg)
San Francisco-based web design platform Weebly has confirmed that hackers managed to hack into its servers earlier in the year.
Usernames, email addresses and passwords of more than 43 million accounts were taken in the breach, although the passwords are secured with the strong hashing algorithm bcrypt. LeakedSource, the breach notification site has uploaded a copy of the stolen data that it received from an anonymous source.
User IP addresses were also taken in the breach, Weebly said in an email to customers adding that it will start sending notification letters to all of their customers, informing them of the data breach that occurred eight months ago.
“At this point, we do not have evidence of any customer website being improperly accessed,” said a company spokesperson. “We do not store any full credit card numbers on Weebly servers, and at this time we’re not aware that any credit card information that can be used for fraudulent charges was part of this incident.”
Apparently, password resets are also being issued and even if one doesn’t receive a password reset, you probably want to change your password anyway, said LeakedSource.
“This mega breach affects not only tens of millions of users but tens of millions of websites,” LeakedSource said. “With Weebly being one of the most popular hosting platforms in the world, this breach could have been far more disastrous in the wrong hands had they not strongly hashed passwords.”
The hacking story for 2016 doesn’t end there. LeakedSource also identified data from Foursquare, claiming that 22.5 million accounts were compromised in December 2013.
The location-based check-in site, however, disputes the findings, claiming that email addresses were simply cross-referenced with publicly available data from Foursquare. The data includes emails, usernames and Facebook and Twitter IDs, which could have been scraped from Foursquare’s API or search.
“We have done an internal investigation and no breach has occurred,” a company spokesperson said in a statement.