There are currently 2,649,875,832 / 3,109,103,084 accounts in our database.

Tens of millions of websites at risk in latest mega breach

October 20th, 2016

Table of Contents

Summary

Well known San-Francisco based "drag-n-drop" website creator Weebly.com had information on 43,430,316 users leaked from its main database in February of 2016. This database was provided to us by an anonymous source.


Each record in this mega breach contains a username, email address, password, and IP address.


Unlike nearly every other hack, the Co-founder and CTO of Weebly Chris Fanini fortunately did not have his head burried deeply in the sand and actually responded to our communication requests. We have been working with them to ensure the security of their users meaning password resets as well as notification emails are now being sent out. This mega breach affects not only tens of millions of users but tens of millions of websites and with Weebly being one of the most popular hosting platforms in the world, this breach could have been far more disasterous in the wrong hands had they not strongly hashed passwords.


Anyone may use any information on this page for free provided LeakedSource is given credit and a direct link back.

Passwords

Passwords were stored using uniquely salted Bcrypt hashing and a cost factor of 8. This method of storing passwords gets a 7.5 out of 10 from us because there is lots of room for improvement but far from the worst we've seen. Weebly has also informed us that they've changed their password storage to a cost factor of 10.

Emails

Simple table of top email domains


Rank Email Domain Frequency
1 @gmail.com 12,760,172
2 @yahoo.com 5,760,654
3 @hotmail.com 4,168,402
4 @weebly.com 3,421,602
5 NONE 3,190,390
6 @blank.weebly.c 719,873
7 @aol.com 669,941
8 @live.com 427,420
9 @hotmail.co.uk 403,841
10 @wee 368,058
11 @outlook.com 341,947
12 @ymail.com 267,538
13 @weebly. 211,516
14 @chacuo.net 210,628
15 @027168.com 209,625
16 @163.com 203,031
17 @comcast.net 181,967
18 @yahoo.co.uk 149,512
19 @mail.ru 140,014
20 @weeblycloud.co 139,544
21 @icloud.com 137,526
22 @qq.com 130,685
23 @msn.com 130,410
24 @rocketmail.com 117,507
25 @live.co.uk 97,216
26 @hotmail.fr 92,738
27 @mail.com 92,028
28 @me.com 90,855
29 @aim.com 76,849
30 @sbcglobal.net 75,274
31 @yahoo.co.id 67,757
32 @googlemail.com 65,708
33 @att.net 59,142
34 @yahoo.com.tw 59,109
35 @verizon.net 57,256
36 @rediffmail.com 51,829
37 @yahoo.ca 50,127
38 @yahoo.fr 49,435
39 @hotmail.it 48,719
40 @yahoo.co.in 48,022
41 @abv.bg 47,791
42 @live.nl 46,432
43 @btinternet.com 45,329
44 @web.de 41,954
45 @libero.it 40,699
46 @cox.net 40,649
47 @live.ca 39,400
48 @live.fr 39,244
49 @yahoo.in 39,004
50 @gmx.com 36,800
51 @bellsouth.net 35,575
52 @yahoo.com.vn 33,713
53 @yandex.com 32,541
54 @education.nsw. 32,140
55 @gmx.de 31,305
56 @hotmail.ca 30,376

More Databases

We are virtually up to our eyeballs with hundreds more databases so we've added the following others with this release.


  • Modern Business Solutions - 58,848,226 users - October 2016
  • FourSquare - 22,534,984 users - December 2013

The next mega breach will be processed in a few weeks so keep your eyes on the news Twitter linked above. We will however be adding dozens of smaller sites before then. Additionally we were just given the Adult Friend Finder data so once we verify it, we'll add that as well.