Tens of millions of websites at risk in latest mega breach
October 20th, 2016Table of Contents
Important Updates
Before we begin, much has happened in the last few weeks that we'd like to share.- Despite helping prior and in a case of "biting the hand that feeds", Twitter decided to suspend us in an effort to curb free speech which as a private company they are more than free to do. We understand that Twitter is looking for a buyer but don't expect us to help out the next time we find other Twitter credentials on the dark web. Because of this situation, we are now giving exclusive breach notifications to this news feed. If Twitter decides to ban them as well, we are going to start giving exclusive content to the terrorist group ISIS so they too get banned from Twitter because it seems like that's what it'll take to get Twitter to take action against accounts of those who enjoy cutting the heads off their enemies.
- We've also made changes to our API including the removal of time limits for packages and new support for small businesses.
- We now offer a free notification service for users, get proactively notified when you appear in any breaches - Get notified!.
Summary
Well known San-Francisco based "drag-n-drop" website creator Weebly.com had information on 43,430,316 users leaked from its main database in February of 2016. This database was provided to us by an anonymous source.Each record in this mega breach contains a username, email address, password, and IP address.
Unlike nearly every other hack, the Co-founder and CTO of Weebly Chris Fanini fortunately did not have his head burried deeply in the sand and actually responded to our communication requests. We have been working with them to ensure the security of their users meaning password resets as well as notification emails are now being sent out.
This mega breach affects not only tens of millions of users but tens of millions of websites and with Weebly being one of the most popular hosting platforms in the world, this breach could have been far more disasterous in the wrong hands had they not strongly hashed passwords.
Anyone may use any information on this page for free provided LeakedSource is given credit and a direct link back.
Passwords
Passwords were stored using uniquely salted Bcrypt hashing and a cost factor of 8. This method of storing passwords gets a 7.5 out of 10 from us because there is lots of room for improvement but far from the worst we've seen. Weebly has also informed us that they've changed their password storage to a cost factor of 10.Emails
Simple table of top email domains| Rank | Email Domain | Frequency |
|---|---|---|
| 1 | @gmail.com | 12,760,172 |
| 2 | @yahoo.com | 5,760,654 |
| 3 | @hotmail.com | 4,168,402 |
| 4 | @weebly.com | 3,421,602 |
| 5 | NONE | 3,190,390 |
| 6 | @blank.weebly.c | 719,873 |
| 7 | @aol.com | 669,941 |
| 8 | @live.com | 427,420 |
| 9 | @hotmail.co.uk | 403,841 |
| 10 | @wee | 368,058 |
| 11 | @outlook.com | 341,947 |
| 12 | @ymail.com | 267,538 |
| 13 | @weebly. | 211,516 |
| 14 | @chacuo.net | 210,628 |
| 15 | @027168.com | 209,625 |
| 16 | @163.com | 203,031 |
| 17 | @comcast.net | 181,967 |
| 18 | @yahoo.co.uk | 149,512 |
| 19 | @mail.ru | 140,014 |
| 20 | @weeblycloud.co | 139,544 |
| 21 | @icloud.com | 137,526 |
| 22 | @qq.com | 130,685 |
| 23 | @msn.com | 130,410 |
| 24 | @rocketmail.com | 117,507 |
| 25 | @live.co.uk | 97,216 |
| 26 | @hotmail.fr | 92,738 |
| 27 | @mail.com | 92,028 |
| 28 | @me.com | 90,855 |
| 29 | @aim.com | 76,849 |
| 30 | @sbcglobal.net | 75,274 |
| 31 | @yahoo.co.id | 67,757 |
| 32 | @googlemail.com | 65,708 |
| 33 | @att.net | 59,142 |
| 34 | @yahoo.com.tw | 59,109 |
| 35 | @verizon.net | 57,256 |
| 36 | @rediffmail.com | 51,829 |
| 37 | @yahoo.ca | 50,127 |
| 38 | @yahoo.fr | 49,435 |
| 39 | @hotmail.it | 48,719 |
| 40 | @yahoo.co.in | 48,022 |
| 41 | @abv.bg | 47,791 |
| 42 | @live.nl | 46,432 |
| 43 | @btinternet.com | 45,329 |
| 44 | @web.de | 41,954 |
| 45 | @libero.it | 40,699 |
| 46 | @cox.net | 40,649 |
| 47 | @live.ca | 39,400 |
| 48 | @live.fr | 39,244 |
| 49 | @yahoo.in | 39,004 |
| 50 | @gmx.com | 36,800 |
| 51 | @bellsouth.net | 35,575 |
| 52 | @yahoo.com.vn | 33,713 |
| 53 | @yandex.com | 32,541 |
| 54 | @education.nsw. | 32,140 |
| 55 | @gmx.de | 31,305 |
| 56 | @hotmail.ca | 30,376 |
More Databases
We are virtually up to our eyeballs with hundreds more databases so we've added the following others with this release.- Modern Business Solutions - 58,848,226 users - October 2016
- FourSquare - 22,534,984 users - December 2013