Weebly confirms hack affecting over 40 million users, Foursquare user accounts also allegedly exposed
The stolen and leaked data from Weebly contain usernames, passwords, email addresses and IP addresses Reuters

Hackers have hit Weebly and Foursquare and millions of user accounts are believed to have been stolen. While Weebly has confirmed the breach, adding that it is currently notifying customers and working on initiating password resets, Foursquare denied any breach had occurred.

According to breach notification site LeakedSource, over 43 million Weebly user accounts have been stolen, after hackers accessed the firm's main database in February 2016. LeakedSource claimed that the stolen data was provided to them by an "anonymous source". The stolen and leaked data contain usernames, passwords, email addresses and IP addresses.

A Weebly spokesperson said: "At this point we do not have evidence of any customer website being improperly accessed. We do not store any full credit card numbers on Weebly servers, and at this time we're not aware that any credit card information that can be used for fraudulent charges was part of this incident," ZDNet reported.

"This mega breach affects not only tens of millions of users but tens of millions of websites and with Weebly being one of the most popular hosting platforms in the world, this breach could have been far more disastrous in the wrong hands had they not strongly hashed passwords," LeakedSource said.

LeakedSource also identified leaked data from Foursquare, claiming that 22.5 million user accounts were hacked in December 2013. The alleged data stolen includes usernames, emails and Facebook and Twitter IDs.

However, a spokesperson for Foursquare said: "We have done an internal investigation and no breach has occurred."

Deepak Patel, director of security strategy for Imperva, told IBTimes UK: "The ease of getting millions of stolen credentials, with the fact that users will always continue to reuse passwords simply because they are human, makes brute force attacks more effective than ever and forces application providers to take proper measures to protect their users.

"As we see again in this case, data from breaches is hot merchandise on both sides of the legitimacy fence with the security marketplace on one side and the dark market on the other. To prevent brute force attacks, security officers should not rely on password policies only, but should take specific detection measures like rate limiting login attempts, detecting login attempts from automated browsers, treat with caution logins from unexpected countries and anonymous sources, and compare login data to popular passwords and stolen credentials."