Data breaches have been all over the news lately. We recently told you about the largest breach of all-time when billions of Yahoo accounts were exposed.
Well, the news isn't getting any better. We've just learned about a massive data breach at a popular web design site that affects tens of millions of accounts.
The popular website creating service, Weebly, had information on 43,430,316 users leaked back in February. The breach of Weebly's main database was discovered by LeakedSource, who received a database of credentials from an anonymous source.
Usernames, email addresses, passwords and IP addresses were all leaked in the breach. The good news is, passwords at Weebly were stored with Bcrypt hashing. This means the passwords were encrypted when they were stolen, making it much more difficult for the cybercriminal to crack them.
Weebly says that credit card information is not stored on the site, so users shouldn't see any fraudulent charges. The company is also notifying customers through emails to reset their passwords.
What you need to do:
- Change your password - If you use Weebly, the first thing you need to do is change your password. Even if you are not notified by the company, you should still change it immediately. Read this article to help you create the perfect passwords.
- Watch your bank account - Even though Weebly doesn't store credit card information, you should keep an eye on your bank statements. Since the breach occurred in February, look at your statements that date back to that time. If you see any suspicious activity, report it to your financial institution immediately.
- Check other accounts - With major data breaches like this, password reuse attacks will inevitably happen. If you are using the same passwords for multiple accounts, it is important that you review and change them now as well. If you don't know by now, it is bad practice to use the same password across different services.
- Beware of phishing - Carefully scrutinize any emails or texts claiming to be from Weebly, they might be just fraudulent attempts to steal more of your personal information. Once the news of a data breach gets out, opportunistic cybercriminals try and scam unsuspecting people with phishing attacks.
- Use a password manager - You can use a third-party password manager to automatically create unique and complex passwords for you across multiple sites.