43 Million Weebly and 22 Million Foursquare Accounts Stolen (techcrunch.com)

← Back to Stories (view on slashdot.org)

43 Million Weebly and 22 Million Foursquare Accounts Stolen (techcrunch.com)

Posted by BeauHD on Friday October 21, 2016 @09:30AM from the security-breach dept.

LeakedSource is reporting that the web design platform Weebly was hacked in February, affecting more than 43 million accounts. They have also reported a smaller hack involving 22.5 million Foursquare accounts, which were compromised in December 2013. TechCrunch: "We do not believe that any customer website has been improperly accessed," Weebly said in the notice to users. The company also said that it does not store credit card information, making fraudulent charges unlikely. LeakedSource said it received the Weebly database from an anonymous source and notified Weebly of the breach. In addition to the customer notification emails, LeakedSource claims that password resets are being issued -- but, if you're a Weebly user and you don't receive a password reset, you probably want to change your password anyway. Meanwhile, LeakedSource also identified data from Foursquare, claiming that 22.5 million accounts were compromised in December 2013. The social media company disputes the findings, claiming that email addresses were simply cross-referenced with publicly available data from Foursquare. The data includes emails, usernames and Facebook and Twitter IDs, which could have been scraped from Foursquare's API or search.

15 comments

Min score:

Reason:

Sort:

Ohhhh noes by Anonymous Coward · 2016-10-21 09:35 · Score: 0

43 million phishing pages are in jeopardy!
Sigh by nospam007 · 2016-10-21 09:43 · Score: 1

This is beginning to get ridiculous.
1. Re: Sigh by Anonymous Coward · 2016-10-21 09:45 · Score: 0
  
  Shut the fuck up!
2. Re:Sigh by AmiMoJo · 2016-10-21 09:52 · Score: 3, Insightful
  
  Unique passwords seem to be the only solution. Assume all sites will be compromised.
  I wish Slashdot supported 2 factor.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
3. Re:Sigh by Anonymous Coward · 2016-10-21 11:08 · Score: 0
  
  Weeply
Obligatory by Anonymous Coward · 2016-10-21 09:44 · Score: 0

And nothing of value was lost.
oh it's this thread again by Anonymous Coward · 2016-10-21 09:48 · Score: 0

so when will something be done about it? and no i don't want everything to go through google and/or fb.
1. Re:oh it's this thread again by Anonymous Coward · 2016-10-21 10:09 · Score: 0
  
  Hardening security only goes so far. Attacks, where a login/pass was obtained laterally, by burgling the db admins house, for example, are not really possible to defend against within a reasonable budget. And nobody who matters, are interested in secure hardware, secure protocols, secure this and secure that. Because insecurity pays better in the long term. Insecurity is cheaper and faster to manufacture. An insecurity empowers all actors who know about it, so the bigger the actor, the more profit they will eventually gain from it, I think.
  The knowledge about exploiting the insecurities is widespread, and free. Do you really want the government or military to have uncrackable systems? What about big corporations/your ideological enemies?
  So, its never going to stop. There is no solution.
And now a lot of people are remembering... by TodPunk · 2016-10-21 09:56 · Score: 1

And now a lot of people are remembering that they even had these accounts in the first place.

--
This forum Sig is licensed under the LGPL.
1. Re:And now a lot of people are remembering... by pr0fessor · 2016-10-21 10:01 · Score: 1
  
  I had to look them up to figure out what they are... nope never had an account for either of those.
2. Re:And now a lot of people are remembering... by megamind · 2016-10-22 03:29 · Score: 1
  
  I wonder if they use the same password for their bank accounts?
Weebly+Foursquare=Geocities by Anonymous Coward · 2016-10-21 10:52 · Score: 0

some kind of other faceless social network clone gets owned. Millions of 14 year olds cried out.
Wrong Department by JustAnotherOldGuy · 2016-10-21 12:03 · Score: 1

This was mis-marked...it should be from the "No-One-Really-Cares" dept.

--
Just cruising through this digital world at 33 1/3 rpm...
Is it just me? by Hognoxious · 2016-10-21 19:57 · Score: 1

My reaction was "What and what?". Anybody else?

--
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
So it's a feature? by RuffMasterD · 2016-10-21 22:24 · Score: 1

[Foursquare] disputes the findings, claiming that email addresses were simply cross-referenced with publicly available data from Foursquare. The data includes emails, usernames and Facebook and Twitter IDs, which could have been scraped from Foursquare's API or search.
So what Foursquare seems to be saying is that anyone can access their customer data via their API, therefore this was not a data breach. Did I understand that correctly? I didn't RTFA of course, so the data disclosed via API could be harmless, but it just doesn't seem like a good idea to make customer data publicly available.

--
Human Rights, Article 12: Freedom from Interference with Privacy, Family, Home and Correspondence