According to reports, a February 2016 breach has caused Weebly, a user-created website service, to be the latest victim in the rising trend of data breaches. The data breach at Weebly, affecting 43,430,316 customers dating back to 2007, revealed email addresses and/or usernames, IP addresses and encrypted (bcrypt hashed) passwords for a large number of customers. A data breach notification was sent to all affected customers on 10/20/16 informing them of the breach and advising on potential responses such as changing passwords. Weebly issued a statement:
“We do not store any full credit card numbers on Weebly servers, and at this time we’re not aware that any credit card information that can be used for fraudulent charges was part of this incident. We are taking steps to notify our customers – and we are taking swift action to address the situation. Our security team, with support from outside security consultants, is working to protect our customers and to enhance our network protections. This includes initiating password resets, implementing new password requirements and a new dashboard that gives customers an overview of recent log-in history of their Weebly account to track account activity.”
A Silver Lining to the Weebly Data Breach?
The silver lining of this Weebly data breach, and indeed the takeaway for similarly situated online businesses, is that encryption of sensitive information in the evolving world of data breaches in imperative. Had these passwords not been encrypted an assault on over 40 million websites could have occurred with disastrous results. What is more, these same passwords could have provided access to countless other accounts and information from users using the same passwords for multiple sites and services. While email addresses, usernames, and IP addresses can be useful for identity thieves, they constitute only pieces of the puzzle.
Forming a Data Breach Response Plan
Let this Weebly data breach be a lesson. In a world of daily breaches, and a looming negligence claim for those not properly protecting the information of others, encryption is king. Companies to have a clear data breach response plan in place in the event of a data breach. Revision Legal understands the dynamic nature of Cyber Security. Revision Legal has worked with businesses of all sizes to assess data retention risks, and, when necessary, provide counsel on breach notifications in all 50 states. If you have concerns about your exposure or have received notice that a breach has occurred affecting you website, contact the experienced data breach attorneys at Revision Legal as soon as possible. Civil fines are available in some states for a failure to expeditiously notify those affected by breaches, so if a breach has occurred, you need the legal team from Revision Legal in your corner today. Contact us using the form on this page or call us at 855-473-8474.
Photo credit: Weebly.