View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
October 21, 2016

Millions of accounts hacked in Weebly, Foursquare mega breach

Weebly confirms hack, while Foursquare is denying claims that millions of accounts have been stolen.

By Ellie Burns

Joining an ever growing list of companies hit by mega breaches, Weebly has confirmed its systems have been hacked in a breach affecting not only millions of users, but also tens of millions of websites.

Weebly, a San Francisco-based company which lets people build websites, was cited by ZDNet as saying:

“At this point we do not have evidence of any customer website being improperly accessed.”

“We do not store any full credit card numbers on Weebly servers, and at this time we’re

Weebly hack

Weebly is a web-hosting service featuring a drag-and-drop website builder. The company is headquartered in San Francisco.

not aware that any credit card information that can be used for fraudulent charges was part of this incident.”

According to breach notification site LeakedSource, more than 43.4 million accounts were stolen in the attack, thought to have been carried out in February. In a summary of the hack, LeakedSouce reported:

“Well known San-Francisco based “drag-n-drop” website creator Weebly.com had information on 43,430,316 users leaked from its main database in February of 2016. This database was provided to us by an anonymous source.

Content from our partners
How the retail sector can take firm steps to counter cyberattacks
How to combat the rise in cyberattacks
Why email is still the number one threat vector

“Each record in this mega breach contains a username, email address, password and IP address. Unlike nearly every other hack, the co-founder and CTO of Weebly Chris Fanini fortunately did not have his head buried deeply in the sand and actually responded to our communication requests. We have been working with them to ensure the security of their users meaning password resets as well as notification emails are now being sent out.”

foursquare

Foursquare is a local search-and-discovery service mobile app which provides search-results for its users.

LeakedSource also alleges that Foursquare, a search-and-discovery mobile app, has also fallen victim to a breach – although little details were revealed as to when the attack may have occurred.

LeakedSource claims that more than 22.5 million accounts were stolen in an alleged breach, with ZDNet confirming that a sample of the supposed stolen accounts included email address, first and last name, gender, location, Facebook ID and Twitter username.

However, a spokesperson for Foursquare told ZDNet that ‘no breach has occurred’ following an internal investigation.

Commenting on the mega breach, Imperva’s Deepak Patel said: “The ease of getting millions of stolen credentials, with the fact that users will always continue to reuse passwords simply because they are human, makes brute force attacks more effective than ever and forces application providers to take proper measures to protect their users.

“As we see again in this case, data from breaches is hot merchandise on both sides of the legitimacy fence with the security marketplace on one side and the dark market on the other. To prevent brute force attacks, security officers should not rely on password policies only, but should take specific detection measures like rate limiting login attempts, detecting login attempts from automated browsers, treating with caution logins from unexpected countries and anonymous sources, and comparing login data to popular passwords and stolen credentials.”

 

 

Topics in this article: , , ,
Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy
SUBSCRIBED

THANK YOU