View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
October 21, 2016

Millions of accounts hacked in Weebly, Foursquare mega breach

Weebly confirms hack, while Foursquare is denying claims that millions of accounts have been stolen.

By Ellie Burns

Joining an ever growing list of companies hit by mega breaches, Weebly has confirmed its systems have been hacked in a breach affecting not only millions of users, but also tens of millions of websites.

Weebly, a San Francisco-based company which lets people build websites, was cited by ZDNet as saying:

“At this point we do not have evidence of any customer website being improperly accessed.”

“We do not store any full credit card numbers on Weebly servers, and at this time we’re

Weebly hack

Weebly is a web-hosting service featuring a drag-and-drop website builder. The company is headquartered in San Francisco.

not aware that any credit card information that can be used for fraudulent charges was part of this incident.”

According to breach notification site LeakedSource, more than 43.4 million accounts were stolen in the attack, thought to have been carried out in February. In a summary of the hack, LeakedSouce reported:

“Well known San-Francisco based “drag-n-drop” website creator had information on 43,430,316 users leaked from its main database in February of 2016. This database was provided to us by an anonymous source.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

“Each record in this mega breach contains a username, email address, password and IP address. Unlike nearly every other hack, the co-founder and CTO of Weebly Chris Fanini fortunately did not have his head buried deeply in the sand and actually responded to our communication requests. We have been working with them to ensure the security of their users meaning password resets as well as notification emails are now being sent out.”


Foursquare is a local search-and-discovery service mobile app which provides search-results for its users.

LeakedSource also alleges that Foursquare, a search-and-discovery mobile app, has also fallen victim to a breach – although little details were revealed as to when the attack may have occurred.

LeakedSource claims that more than 22.5 million accounts were stolen in an alleged breach, with ZDNet confirming that a sample of the supposed stolen accounts included email address, first and last name, gender, location, Facebook ID and Twitter username.

However, a spokesperson for Foursquare told ZDNet that ‘no breach has occurred’ following an internal investigation.

Commenting on the mega breach, Imperva’s Deepak Patel said: “The ease of getting millions of stolen credentials, with the fact that users will always continue to reuse passwords simply because they are human, makes brute force attacks more effective than ever and forces application providers to take proper measures to protect their users.

“As we see again in this case, data from breaches is hot merchandise on both sides of the legitimacy fence with the security marketplace on one side and the dark market on the other. To prevent brute force attacks, security officers should not rely on password policies only, but should take specific detection measures like rate limiting login attempts, detecting login attempts from automated browsers, treating with caution logins from unexpected countries and anonymous sources, and comparing login data to popular passwords and stolen credentials.”



Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.