Weebly, a popular hosting platform and website building service, announced on Thursday it will begin notifying more than 40 million customers of a massive data breach dating back to February of 2016.
The San Francisco-based company confirmed the compromise after breach notification site LeakedSource published a blog post with details of the attack.
According to LeakedSource, an anonymous source sent in a database of 43,430,316 users, including usernames, email addresses, passwords and IP addresses.
The site noted the company was storing passwords using Bcrypt – a strong system for scrambling passwords.
“ . . . this breach could have been far more disastrous in the wrong hands had they not strongly hashed passwords,” said LeakedSource.
In response to the incident, a Weebly spokesperson said in a statement:
“At this point we do not have evidence of any customer website being improperly accessed. We do not store any full credit card numbers on Weebly servers, and at this time we’re not aware that any credit card information that can be used for fraudulent charges was part of this incident.”
The company added it was taking steps to notify customers of the breach and was working to initiate password resets, as well as implementing stronger password requirements.
“Our security team, with support from outside security consultants, is working to protect our customers and to enhance our network protections,” said Weebly.
Meanwhile, LeakedSource says the database is just one of the hundreds its obtained recently.
The site also published some details of a data breach at Foursquare – a location-based social app.
The incident allegedly occurred back in December of 2013, and affects more than 22 million users, said LeakedSource.