“Did Weebly do enough to fend off the hackers?” – Weebly and Foursquare in a potential breach of their customers’ personal information

In the string of data breaches this decade has given rise to, website builder Weebly are next in line.

It’s thought that 43 million users’ personal details were leaked as part of a massive breach. I can say with certainty that this will not be the end of data breaches, as many companies and organisations lack the security and protection needed to fend off the cyber-criminals of today. However, it is not enough for companies to be reactive; they need to be proactive to ensure the safety of our personal data.

Especially a company like Weebly who are handling websites for people and businesses around the world!

Nature of the leak

The alleged leak is thought to have compromised over 43 million Weebly users’ personal details earlier this year in February, which included their username, email address, password, and IP address. With personal information like an email address and password, hackers can access several other accounts that are held by individuals, since many people are guilty of using the same email address and passwords across several online accounts.

This obviously poses a serious risk.

Why was Weebly hacked?

There are many reasons why hackers may want to hack user accounts, the main one being financial. Hackers can profit financially by sending spam to their paid clients. This risk exists on the Weebly website, as there are paid functions on the free website-building platform. Another reason could be targeted phishing. If the hacker can see communications made between yourself and businesses via the website builder, they can gain additional information by posing as the business.

And it can all lead to what they really want – your money!

Data protection

Is this a data breach?

Of course it is, and if Weebly are found to have lax security, they could be held liable financially as well. As an organisation, they are responsible for securing the data of their customers. This means that they are tasked with providing high-security data protection from unlawful processing. Effectively, this means they’re responsible for protecting their customers’ data from being passed around or accessed unlawfully. These responsibilities are comprehensively detailed in the Data Protection Act.

Weebly’s defence

Weebly’s feeble defence comes as no surprise. They suggest that the breach could have had far more devastating consequences if they had not “strongly hashed passwords”. Is that a strong enough justification for the 43 million user accounts that were hacked? I think not.

However, Weebly alleged that they used a salted Bcrypt hash with a factor of 8. According to the software experts at the National Institute of Standards and Technology, there are safer and higher-security encryption tools, such as PBKDF2. In response to the security breach, the security team has alleged that they have increased their security factor to 10.
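What a move from factor 8 to factor 10 means for the hashes already stored, as an added example that is not Weebly's code or part of the original post: it reads the cost factor out of bcrypt hash strings and lists the accounts still below the target. The function names and the rehash-at-next-login policy are assumptions, and the sample rows are constructed filler, not real hashes.

```python
import re

# bcrypt modular-crypt format: $2b$<2-digit cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(
    r"^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$"
)

TARGET_COST = 10  # the factor the page says Weebly moved to


def bcrypt_cost(stored):
    """Return the cost factor embedded in a bcrypt hash string, or None if malformed."""
    m = BCRYPT_RE.match(stored)
    if not m:
        return None
    cost = int(m.group(2))
    return cost if 4 <= cost <= 31 else None


def needs_rehash(stored, target=TARGET_COST):
    """Assumed policy: recompute at next successful login if weaker than target."""
    cost = bcrypt_cost(stored)
    return cost is None or cost < target


def work_multiplier(old_cost, new_cost):
    """bcrypt runs 2**cost key-setup rounds, so each +1 doubles the cost per guess."""
    return 2 ** (new_cost - old_cost)


def audit(rows, target=TARGET_COST):
    """Count stored hashes per cost factor and list accounts still below target."""
    by_cost, stale = {}, []
    for user, stored in rows:
        cost = bcrypt_cost(stored)
        by_cost[cost] = by_cost.get(cost, 0) + 1
        if needs_rehash(stored, target):
            stale.append(user)
    return by_cost, stale


# Constructed sample rows: salt and digest are filler characters, not real hashes.
SAMPLE = [
    ("alice", "$2a$08$" + "A" * 22 + "b" * 31),
    ("bob", "$2b$10$" + "C" * 22 + "d" * 31),
    ("carol", "$2y$08$" + "E" * 22 + "f" * 31),
    ("dave", "0" * 32),  # hex-style filler: not bcrypt at all, so it is flagged
]
```

Raising the factor only protects hashes computed afterwards; every factor-8 hash already in the database (and in any leaked copy) stays at factor 8 until the user logs in and it is recomputed.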

Following on from my earlier philosophy, I believe it’s important for companies to be proactive and not reactive! The investigation is well underway as the website host was made aware of the hack just a few days ago.

Foursquare too?

It’s also said that Foursquare suffered a breach involving their 22 million users’ personal details as well. However, this has not been confirmed as a breach, as the information could have been obtained from users voluntarily publicising their location on their social media pages.

Although this may not seem to be an orthodox breach, there could be suspicions as to how this kind of information came into the public realm.

Final word of advice…

Let this be a lesson learned for both parties. For users: never use a standardised password across several accounts. For companies: pump up that security or face a lengthy investigation into your security procedures; and if you’re found to be in violation of the Data Protection Act, expect legal proceedings!

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.

www.dataleaklawyers.co.uk is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'