SoylentNews

MrPlow writes:

Submitted via IRC for TheMightyBuzzard

Weebly, a popular web-hosting service featuring a drag-and-drop website builder, has been breached, and email addresses/usernames, IP addresses and encrypted passwords for some 43 million users have been stolen.

Unfortunately, the company did not notice the breach when it happened, around February 2016. They were notified of it once LeakedSource got its hands on the stolen data.

"Unlike nearly every other hack, the co-founder and CTO of Weebly Chris Fanini fortunately did not have his head burried [sic] deeply in the sand and actually responded to our communication requests. We have been working with them to ensure the security of their users meaning password resets as well as notification emails are now being sent out," the group noted.

Weebly also published a security update on the site, explaining what they did once they were made aware of the breach:

• Confirmed the authenticity of the data
• Called in security consultants to help with the investigation
• Reset passwords of affected users and notified them via email
• Took steps to enhance their network security to prevent future breaches
• Implemented tougher password requirements
• Set up a dashboard for users to monitor their log-in history.

Source: https://www.helpnetsecurity.com/2016/10/21/weebly-breach-confirmed/

Original Submission