43 Million Weebly and 22 Million Foursquare Accounts Stolen (techcrunch.com) 15
LeakedSource is reporting that the web design platform Weebly was hacked in February, affecting more than 43 million accounts. They have also reported a smaller hack involving 22.5 million Foursquare accounts, which were compromised in December 2013. TechCrunch: "We do not believe that any customer website has been improperly accessed," Weebly said in the notice to users. The company also said that it does not store credit card information, making fraudulent charges unlikely. LeakedSource said it received the Weebly database from an anonymous source and notified Weebly of the breach. In addition to the customer notification emails, LeakedSource claims that password resets are being issued -- but, if you're a Weebly user and you don't receive a password reset, you probably want to change your password anyway. Meanwhile, LeakedSource also identified data from Foursquare, claiming that 22.5 million accounts were compromised in December 2013. The social media company disputes the findings, claiming that email addresses were simply cross-referenced with publicly available data from Foursquare. The data includes emails, usernames and Facebook and Twitter IDs, which could have been scraped from Foursquare's API or search.
Sigh (Score:2)
This is beginning to get ridiculous.
Re:Sigh (Score:4, Insightful)
Unique passwords seem to be the only solution. Assume all sites will be compromised.
I wish Slashdot supported 2 factor.
And now a lot of people are remembering... (Score:1)
And now a lot of people are remembering that they even had these accounts in the first place.
Re: (Score:2)
I had to look them up to figure out what they are... nope never had an account for either of those.
Re: (Score:1)
Wrong Department (Score:2)
This was mis-marked...it should be from the "No-One-Really-Cares" dept.
Is it just me? (Score:2)
My reaction was "What and what?". Anybody else?
So it's a feature? (Score:2)
[Foursquare] disputes the findings, claiming that email addresses were simply cross-referenced with publicly available data from Foursquare. The data includes emails, usernames and Facebook and Twitter IDs, which could have been scraped from Foursquare's API or search.
So what Foursquare seems to be saying is that anyone can access their customer data via their API, therefore this was not a data breach. Did I understand that correctly? I didn't RTFA of course, so the data disclosed via API could be harmless, but it just doesn't seem like a good idea to make customer data publicly available.