Weebly Hacked, 43 million Credentials Stolen

It wouldn’t be a week in payments and commerce if some firm or other weren’t getting hacked and taken for a few million points of customer data.

This week’s “winner” is Weebly — as reports are emerging that the web design firm was hacked in February. The data that went out the door? Usernames and passwords for more than 43 million accounts. That’s the bad news. The good news is that the passwords were hashed with bcrypt, a strong password-hashing algorithm.

Weebly said in an email to customers that user IP addresses were also taken in the breach.

“We do not believe that any customer website has been improperly accessed,” Weebly said in the notice to users. The company also confirmed that it does not store credit card information, thus making fraudulent charges unlikely.

LeakedSource — which first broke the story of the Weebly hack — said it received the Weebly database from an anonymous source and notified Weebly of the breach.

LeakedSource also reports that password resets are being issued — but the general recommendation is that all consumers change their passwords.

LeakedSource also reports that it found data from 22.5 million accounts that apparently came from Foursquare via a December 2013 breach. Foursquare disputes that claim — and has stated that the email addresses were simply cross-referenced with publicly available data from Foursquare. The data includes emails, usernames and Facebook and Twitter IDs, which could have been scraped from Foursquare’s API or search.

“We have done an internal investigation and no breach has occurred,” a company spokesperson said in a statement.

This is just the latest in a string of megabreaches. Yahoo recently revealed that data for 500 million users were stolen.