It wouldn’t be a week in payments and commerce if some firm or other weren’t getting hacked and taken for a few million points of customer data.
This week’s “winner” is Weebly — as reports are emerging that the web design firm was hacked in February. The data that went out the door? Usernames and passwords for more than 43 million accounts. That’s the bad news. The good news is the passwords were secured with the strong hashing algorithm bcrypt.
Weebly said in an email to customers that user IP addresses were also taken in the breach.
“We do not believe that any customer website has been improperly accessed,” Weebly said in the notice to users.” The company also confirmed that it does not store credit card information, thus making fraudulent charges unlikely.
LeakedSource — who first broke the story of the Weebly hack — said it received the Weebly database from an anonymous source and notified Weebly of the breach.
LeakedSource also reports that password resets are being issued — but the general recommendation is that all consumers change their passwords.
“We have done an internal investigation and no breach has occurred,” a company spokesperson said in a statement.
This is just the latest in a string of megabreaches. Yahoo recently revealed that data for 500 million users were stolen.