After a few little hiccups and a somewhat long break, the trend of 2016 mega breaches continues. Following the leaks of LinkedIn, MySpace, Tumblr, Dropbox, Yahoo, and several others, today comes a new confirmation. Foursquare and Weebly are the latest in this long line of tech companies who have had their databases leaked.
Weebly confirms hack that affected over 43 million customers
Weebly, a San Francisco-based company has allowed over tens of millions of people since 2007 to create websites with "drag-n-drop." The company confirmed Thursday that hackers managed to hack into its servers earlier in the year. Data of over 43 million users has been stolen during the breach. LeakedSource, the breach notification site has uploaded a copy of the stolen data that it received from an anonymous source.
The leaked data includes usernames, email addresses, passwords, and IP addresses. Passwords were stored with bcrypt, which is a strong hashing system, making cracking passwords a difficult task. But users should still change their passwords on Weebly.
Weebly said it will start sending notification letters to all of their customers, informing them of the data breach that occurred eight months ago.
"At this point we do not have evidence of any customer website being improperly accessed," said a company spokesperson. "We do not store any full credit card numbers on Weebly servers, and at this time we're not aware that any credit card information that can be used for fraudulent charges was part of this incident."
"This mega breach affects not only tens of millions of users but tens of millions of websites," LeakedSource said. "With Weebly being one of the most popular hosting platforms in the world, this breach could have been far more disastrous in the wrong hands had they not strongly hashed passwords."
Foursquare too?
LeakedSource has also published data of what it says comes from a Foursquare breach. The location-based check-in site has denied the breach. But, the notification site claims that over 22.5 million account credentials were stolen in the breach. "We have done an internal investigation and no breach has occurred," Foursquare said.
The data uploaded includes email addresses, first and last names, gender, users' location, Facebook ID, and Twitter username.
Weebly and Foursquare are just two latest tech companies that will come under fire for employing weak security practices. Following a long list of companies that have been hacked into in the past few years, FBI arrested a hacker responsible for LinkedIn hack earlier this month. Is the same hacker associated with other tech mega breaches? There's no confirmation yet, but we expect to hear more once he's extradited to the United States.
