In the string of data breaches this decade has given rise to, website builder Weebly are next in line.
It’s thought that 43 million users’ personal details were leaked as part of a massive breach. I can say with certainty that this will not be the end of data breaches, as many companies and organisations lack the security and protection needed to fend off the cyber-criminals of today. However, it is not enough for companies to be reactive; they need to be proactive to ensure the safety of our personal data.
Especially a company like Weebly who are handling websites for people and businesses around the world!
Nature of the leak
The alleged leak is thought to have compromised over 43 million Weebly users’ personal details earlier this year in February, which included their username, email address, password, and IP address. With personal information like an email address and password, hackers can access several other accounts that are held by individuals, since many people are guilty of using the same email address and passwords across several online accounts.
This obviously poses a serious risk.
Why was Weebly hacked?
There are many reasons as to why hackers may want to hack user accounts; the main being for financial reasons. Hackers can profit financially by sending spam to their paid clients. There is this vulnerability on the Weebly website, as there are paid functions on the free website-building platform. Another reason could be for targeted phishing. If the hacker can see communications made between yourself and businesses via the website builder, they can gain additional information by posing as the business.
And it can all lead to what they really want – your money!
Is this a data breach?
Of course it is, and if Weebly are found to have lax security, they could be held liable financially as well. As an organisation, they are responsible for securing the data of their customers. This means that they are tasked with providing high-security data protection from unlawful processing. Effectively, this means they’re responsible for protecting their customers’ data from being passed around or accessed unlawfully. These responsibilities are comprehensively detailed in the Data Protection Act.
Weebly’s feeble defence comes as no surprise. They suggest that the breach could have had far more devastating consequences if they had not “strongly hashed passwords”. Is that a strong enough justification for the 43 million user accounts that were hacked? I think not.
However, Weebly alleged that they used a salted Bcrypt hash with a factor of 8. According to software experts, the National Institute of Standards and Technology, there are safer and higher security encryption tools such as PBKDF2. In response to the security breach, the security team has alleged to have increased their security factor to 10.
Following on from my earlier philosophy, I believe it’s important for companies to be proactive and not reactive! The investigation is well underway as the website host was made aware of the hack just a few days ago.
It’s also said that Foursquare suffered a breach involving their 22 million users’ personal details as well. However, this has not been confirmed as a breach as the information could have been obtained from users’ voluntarily publicising their location from their social media pages.
Although, this may not seem to be an orthodox breach, there could be suspicions as to how this kind of information came within the public realm.
Final word of advice…
Let this be a lesson learned for both parties. For users: never use a standardised password across several accounts. For companies: pump up that security or face a lengthy investigation into your security procedures; and if you’re found to be in violation of the Data Protection Act, expect legal proceedings!
IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.
Request a call back from our team
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.