  1. #1
    WHT-BR Top Member
    Join Date
    Dec 2010
    Posts
    18,563

    [EN] Weebly leaks over 43 million accounts

    Juha Saarinen
    Oct 21 2016



    One of the world's most popular personal and business website creation platforms, Weebly, has suffered a data breach believed to affect over 43 million user accounts.

    The company confirmed the breach to iTnews.

    "Weebly recently became aware that an unauthorised party obtained email addresses and/or usernames, IP addresses and encrypted (bcrypt hashed) passwords for a large number of customers," the webhoster's manager of public relations, Kim Chappell, said in a statement to iTnews.

    "At this point we do not have evidence of any customer website being improperly accessed.

    "We do not store any full credit card numbers on Weebly servers, and at this time we’re not aware that any credit card information that can be used for fraudulent charges was part of this incident."

    Weebly did not provide details on how the hack took place.

    The breach was first made public by website LeakedSource, which publicises searchable user data that's been posted on the internet.

    LeakedSource tallied up the number of user accounts in the Weebly database and said it contained 43,430,316 records.

    It obtained the file, dated at February 2016, from an anonymous source.

    The site said it had contacted Weebly co-founder and chief technical officer Chris Fanini before publication of the data breach.

    Weebly passwords are stored with uniquely salted Bcrypt cryptographic hashing, using a cost or iteration factor of eight. Weebly told LeakedSource that it would increase the cost factor to ten, to make password cracking or brute-force guessing more computationally expensive.

    http://www.itnews.com.au/news/websit...ccounts-439804

  2. #2
    WHT-BR Top Member
    Join Date
    Dec 2010
    Posts
    18,563

    Weebly data breach affects 43 million customers


    Top 10 email domains leaked in Weebly breach


    Drag-n-Drop website creator will start notifying customers on Thursday

    Steve Ragan
    Oct 20, 2016


    Weebly, a San Francisco-based company that has allowed more than 40 million people to create websites since 2007, will start sending notification letters to all of their customers on Thursday, informing them of a data breach that occurred eight months ago.

    The breach, affecting 43,430,316 customers, happened February 2016, but the root cause remains unknown. The compromised database is just now coming to the public’s attention after an anonymous source sent it to LeakedSource.

    Prior to being notified, Weebly was unaware of the breach, but moved quickly once informed. Each compromised record contains usernames, passwords, email addresses, and IP information.

    “Weebly recently became aware that an unauthorized party obtained email addresses and/or usernames, IP addresses and encrypted (bcrypt hashed) passwords for a large number of customers. At this point we do not have evidence of any customer website being improperly accessed,” the company said in a statement sent to Salted Hash.

    “We do not store any full credit card numbers on Weebly servers, and at this time we’re not aware that any credit card information that can be used for fraudulent charges was part of this incident. We are taking steps to notify our customers - and we are taking swift action to address the situation. Our security team, with support from outside security consultants, is working to protect our customers and to enhance our network protections. This includes initiating password resets, implementing new password requirements and a new dashboard that gives customers an overview of recent log-in history of their Weebly account to track account activity.”

    Weebly said that more information and additional updates would be given to customers and partners directly.

    LeakedSource posted details about the breach on their website, confirming that the company used uniquely salted bcrypt hashing to protect their passwords.

    Such security measures, LeakedSource wrote, prevented the data breach from becoming more of a problem than it already was, as those responsible for the breach couldn’t target customer websites.

    “This mega breach affects not only tens of millions of users but tens of millions of websites and with Weebly being one of the most popular hosting platforms in the world, this breach could have been far more disastrous in the wrong hands had they not strongly hashed passwords,” the blog said.

    In addition to disclosing the Weebly breach, LeakedSource also used the blog to rant about their recent suspension from Twitter, for reasons unknown, and to disclose the fact they’re currently working on data from FriendFinder Networks Inc. (See Salted Hash’s coverage on these latest developments.)

    The post also says that 22 million records from a 2013 data breach at Foursquare, as well as 58 million records from the recent data breach at Modern Business Solutions.

    http://www.csoonline.com/article/313...customers.html

  3. #3
    WHT-BR Top Member
    Join Date
    Dec 2010
    Posts
    18,563
    Hello,

    Weebly recently became aware that an unauthorized party obtained email addresses and/or usernames, IP addresses and encrypted (bcrypt hashed) passwords for a large number of customers. Encrypted passwords are difficult to read or decode, and we do not believe that any customer website has been improperly accessed.

    We do not store any full credit card numbers, and so we do not believe that any credit card information which can be used for fraudulent charges was a part of this incident.

    As a precautionary security measure, we suggest that you reset your password.
    https://www.facebook.com/weebly/posts/10154718017797472

    LeakedSource said it received the Weebly database from an anonymous source and notified Weebly of the breach. In addition to the customer notification emails, LeakedSource claims that password resets are being issued — but, if you’re a Weebly user and you don’t receive a password reset, you probably want to change your password anyway.

    https://techcrunch.com/2016/10/20/we...ntials-stolen/

  4. #4
    WHT-BR Top Member
    Join Date
    Dec 2010
    Posts
    18,563
    The company doesn't yet know how the data was accessed.

    The passwords for all accounts set up after June 1, 2011 were encrypted using salted bcrypt hashes. Older accounts used a less secure hashed password format, and all of those passwords are being automatically reset.

    http://www.esecurityplanet.com/netwo...sers-info.html
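
The articles quoted in posts #1 and #4 mention two remediation steps: raising the bcrypt cost factor from eight to ten, and resetting accounts still stored in an older, weaker format. The sketch below is an added example, not code from Weebly or from any of the quoted articles; it audits stored credential strings and decides which step applies to each. The function names, the sample records and the 32-hex-character stand-in for the unnamed legacy format are assumptions made for illustration.

```python
import re
from collections import Counter

# bcrypt modular-crypt layout: $<variant>$<2-digit cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(r"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})")

TARGET_COST = 10  # the raised cost factor mentioned in the thread


def bcrypt_cost(stored):
    """Return the cost factor of a bcrypt hash string, or None if it is not valid bcrypt."""
    m = BCRYPT_RE.fullmatch(stored)
    if not m:
        return None
    cost = int(m.group(2))
    return cost if 4 <= cost <= 31 else None  # bcrypt only defines costs 4..31


def work_ratio(old_cost, new_cost):
    """bcrypt iterates its key setup 2**cost times, so each +1 doubles the work per guess."""
    return 2 ** (new_cost - old_cost)


def classify(stored, target=TARGET_COST):
    """Decide what to do with one stored credential."""
    cost = bcrypt_cost(stored)
    if cost is None:
        return "force_reset"      # legacy or malformed: cannot be upgraded without the password
    if cost < target:
        return "rehash_on_login"  # verify at the old cost, then re-hash at the target cost
    return "ok"


def audit(records, target=TARGET_COST):
    """Count how many accounts fall into each remediation bucket."""
    return Counter(classify(h, target) for h in records.values())


# Constructed sample records: placeholder salts and digests, not real hashes.
SAMPLE = {
    "alice": "$2a$08$" + "A" * 22 + "b" * 31,
    "bob": "$2b$10$" + "C" * 22 + "d" * 31,
    "carol": "0123456789abcdef" * 2,  # stand-in for a legacy non-bcrypt format (assumed)
    "dave": "$2y$08$" + "E" * 22 + "f" * 31,
}

if __name__ == "__main__":
    print(audit(SAMPLE))
    print("cost 8 -> 10 multiplies per-guess work by", work_ratio(8, 10))
```

Accounts in the `rehash_on_login` bucket can only be upgraded when the user next supplies the plaintext password, which is why a cost increase takes effect gradually unless resets are forced.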
