In a significant escalation of cybersecurity threats, 2016 has emerged as a watershed year for data breaches, impacting numerous high-profile companies and compromising over a billion user accounts globally. Most recently, Weebly and Foursquare fell prey to these cyber incidents, joining a grim list of organizations affected by massive data breaches that include LinkedIn, MySpace, VK.com, Tumblr, Dropbox, and the largest breach involving Yahoo.
According to breach notification platform LeakedSource, personal information for more than 43 million users from Weebly, a San Francisco-based website building service, was stolen. The platform reported that it had indexed a trove of data from an unnamed source, which included usernames, email addresses, passwords, and IP addresses.
LeakedSource’s blog elaborated on the breach, stating that the attack was believed to be executed back in February 2016. In a rare instance of proactive engagement, Chris Fanini, Weebly’s Co-founder and CTO, responded promptly to LeakedSource’s inquiries, highlighting the company’s commitment to user security.
The organization confirmed that it has begun notifying affected customers and rolled out a password reset initiative as part of its damage control measures. The breach, as noted by Weebly, involved the unauthorized acquisition of email addresses, usernames, IP addresses, and encrypted passwords using the BCrypt hashing algorithm.
While the BCrypt method offers a robust layer of security that complicates the retrieval of actual passwords, the incorporation of a “Salt” into the hashing process further enhances password defenses. This mitigates the risk of brute force attacks, where hackers attempt to decipher encrypted data systematically.
Weebly reassured its users by stating there was no evidence that customer websites had been improperly accessed and confirmed that it does not retain full credit card numbers on its servers. Nevertheless, they are urging users to change passwords as a precautionary measure.
Foursquare, another recent target, reportedly had its data breach detailed by LeakedSource, claiming that over 22.5 million user accounts were compromised. However, Foursquare has publicly disputed these claims, maintaining that its systems remain secure.
For business owners, these incidents underscore the pressing need for enhanced cybersecurity measures. Adopting frameworks like the MITRE ATT&CK can provide clarity on potential adversary tactics employed in such attacks. Techniques such as initial access and privilege escalation may have been leveraged during these breaches, emphasizing the importance of diligence in managing cybersecurity risks.
As a proactive step, businesses should encourage users to adopt unique and complex passwords across different platforms. Utilizing a reliable password manager can significantly reduce vulnerabilities associated with password reuse. This breach serves as a stark reminder of the evolving landscape of cybersecurity threats and the imperative for organizations to adopt robust security strategies to protect their assets and users’ sensitive information.
