Website creator Weebly leaks over 43 million accounts

One of the world's most popular personal and business website creation platforms, Weebly, has suffered a data breach believed to affect over 43 million user accounts.

The company confirmed the breach to iTnews.

"Weebly recently became aware that an unauthorised party obtained email addresses and/or usernames, IP addresses and encrypted (bcrypt hashed) passwords for a large number of customers," the webhoster's manager of public relations, Kim Chappell said in a statement to iTnews.

"At this point we do not have evidence of any customer website being improperly accessed.

"We do not store any full credit card numbers on Weebly servers, and at this time we’re not aware that any credit card information that can be used for fraudulent charges was part of this incident."

Weebly did not provide details on how the hack took place.

The breach was first made public by website LeakedSource which publicises searchable user data that's been posted on the internet. 

LeakedSource tallied up the number of user accounts in the Weebly database and said it contained 43,430,316 records.

It obtained the file, dated at February 2016, from an anonymous source.

The site said it had contacted Weebly co-founder and chief technical officer Chris Fanini before publication of the data breach.

Weebly passwords are stored with uniquely salted Bcrypt cryptographic hashing, using a cost or iteration factor of eight. Weebly told LeakedSource that it would increase the cost factor to ten, to make password cracking or brute-force guessing more computationally expensive.