Widely used Weebly has systems breached

24 October 2016

Alert Priority: Moderate

Weebly – a widely used service that enables businesses and individuals to create websites, blogs or online stores – has reported a breach involving data from a large number of customers. If you use the service, you are advised to reset your password as quickly as possible.

In an email to users, Weebly said ‘an unauthorised party’ obtained email addresses and/or usernames, IP addresses and encrypted passwords for a ‘large number’ of customers. Access to these credentials could allow someone to take control of Weebly services, or carry out malicious activity using legitimate accounts.

Media reports state that the breach may have compromised the data of millions of customers.

Weebly is reported as stating it did not believe any customer websites had been improperly accessed, and as the company did not store full credit card numbers, it did not believe any credit card information that could be used for fraudulent charges ‘was part of this incident’.

As well as advising customers to reset passwords, Weebly said it had added a new feature that allowed users to view and verify recent account activity.

Stay Smart Online advises that users of any online service that has been breached should change their passwords/passphrases for that service and consider doing so for any other online service they use as well. You should not use the same access details for more than one online service, and we recommend that you use two-factor or multi-factor authentication when available.

Stay Smart Online also recommends that users be on the lookout for suspicious emails. You should avoid opening or forwarding emails from unknown senders and do not reply to suspicious messages with personal or financial details. If you are uncertain about a message, confirm with the organisation using details obtained from its website or other legitimate source (not from the message itself).

More information

Stay Smart Online has more information on setting strong passwords and recognising scam emails.

The information provided here is of a general nature. Everyone’s circumstances are different. If you require specific advice you should contact your local technical support provider.

Thank you to those subscribers who have provided feedback to our Alerts and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.

This information has been prepared by Enex TestLab for the Attorney General’s Department (‘the Department’). It was accurate and up to date at the time of publishing.
This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.
The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.
Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.
Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.

Facebook: www.facebook.com/staysmartonline
Email: StaySmartOnline@ag.gov.au
Web: www.staysmartonline.gov.au


© 2016 Australian Government. All rights reserved