Weebly hacked, 43 million credentials stolen

The web design platform Weebly was hacked in February, according to the data breach notification site LeakedSource. Usernames and passwords for more than 43 million accounts were taken in the breach, although the passwords are secured with the strong hashing algorithm bcrypt.

Weebly said in an email to customers that user IP addresses were also taken in the breach.

“We do not believe that any customer website has been improperly accessed,” Weebly said in the notice to users.” The company also said that it does not store credit card information, making fraudulent charges unlikely.

LeakedSource said it received the Weebly database from an anonymous source and notified Weebly of the breach. In addition to the customer notification emails, LeakedSource claims that password resets are being issued — but, if you’re a Weebly user and you don’t receive a password reset, you probably want to change your password anyway.

Meanwhile, LeakedSource also identified data from Foursquare, claiming that 22.5 million accounts were compromised in December 2013. The social media company disputes the findings, claiming that email addresses were simply cross-referenced with publicly available data from Foursquare. The data includes emails, usernames and Facebook and Twitter IDs, which could have been scraped from Foursquare’s API or search.

“We have done an internal investigation and no breach has occurred,” a company spokesperson said in a statement.

This is just the latest in a string of megabreaches. Yahoo recently revealed that data for 500 million users were stolen, and breaches of Dropbox, MySpace and Tumblr have all come to light this year.