There are currently 2,995,133,319 / 4,748,055,404 accounts in our database.
We are in the process of re-indexing databases that where lost.
There are currently 2,995,133,319 / 4,748,055,404 accounts in our database.
We are in the process of re-indexing databases that where lost.
October 20th, 2016
Well known San-Francisco based "drag-n-drop" website creator Weebly.com had information on 43,430,316 users leaked from its main database in February of 2016. This database was provided to us by an anonymous source.
Each record in this mega breach contains a username, email address, password, and IP address.
Unlike nearly every other hack, the Co-founder and CTO of Weebly Chris Fanini fortunately did not have his head buried deeply in the sand and actually responded to our communication requests. We have been working with them to ensure the security of their users meaning password resets as well as notification emails are now being sent out. This mega breach affects not only tens of millions of users but tens of millions of websites and with Weebly being one of the most popular hosting platforms in the world, this breach could have been far more disastrous in the wrong hands had they not strongly hashed passwords.
Anyone may use any information on this page for free provided LeakedSource is given credit and a direct link back.
Passwords were stored using uniquely salted Bcrypt hashing and a cost factor of 8. This method of storing passwords gets a 7.5 out of 10 from us because there is lots of room for improvement but far from the worst we've seen. Weebly has also informed us that they've changed their password storage to a cost factor of 10.
Simple table of top email domains
| Rank | Email Domain | Frequency |
|---|---|---|
| 1 | @gmail.com | 12,760,172 |
| 2 | @yahoo.com | 5,760,654 |
| 3 | @hotmail.com | 4,168,402 |
| 4 | @weebly.com | 3,421,602 |
| 5 | NONE | 3,190,390 |
| 6 | @blank.weebly.c | 719,873 |
| 7 | @aol.com | 669,941 |
| 8 | @live.com | 427,420 |
| 9 | @hotmail.co.uk | 403,841 |
| 10 | @wee | 368,058 |
| 11 | @outlook.com | 341,947 |
| 12 | @ymail.com | 267,538 |
| 13 | @weebly. | 211,516 |
| 14 | @chacuo.net | 210,628 |
| 15 | @027168.com | 209,625 |
| 16 | @163.com | 203,031 |
| 17 | @comcast.net | 181,967 |
| 18 | @yahoo.co.uk | 149,512 |
| 19 | @mail.ru | 140,014 |
| 20 | @weeblycloud.co | 139,544 |
| 21 | @icloud.com | 137,526 |
| 22 | @qq.com | 130,685 |
| 23 | @msn.com | 130,410 |
| 24 | @rocketmail.com | 117,507 |
| 25 | @live.co.uk | 97,216 |
| 26 | @hotmail.fr | 92,738 |
| 27 | @mail.com | 92,028 |
| 28 | @me.com | 90,855 |
| 29 | @aim.com | 76,849 |
| 30 | @sbcglobal.net | 75,274 |
| 31 | @yahoo.co.id | 67,757 |
| 32 | @googlemail.com | 65,708 |
| 33 | @att.net | 59,142 |
| 34 | @yahoo.com.tw | 59,109 |
| 35 | @verizon.net | 57,256 |
| 36 | @rediffmail.com | 51,829 |
| 37 | @yahoo.ca | 50,127 |
| 38 | @yahoo.fr | 49,435 |
| 39 | @hotmail.it | 48,719 |
| 40 | @yahoo.co.in | 48,022 |
| 41 | @abv.bg | 47,791 |
| 42 | @live.nl | 46,432 |
| 43 | @btinternet.com | 45,329 |
| 44 | @web.de | 41,954 |
| 45 | @libero.it | 40,699 |
| 46 | @cox.net | 40,649 |
| 47 | @live.ca | 39,400 |
| 48 | @live.fr | 39,244 |
| 49 | @yahoo.in | 39,004 |
| 50 | @gmx.com | 36,800 |
| 51 | @bellsouth.net | 35,575 |
| 52 | @yahoo.com.vn | 33,713 |
| 53 | @yandex.com | 32,541 |
| 54 | @education.nsw. | 32,140 |
| 55 | @gmx.de | 31,305 |
| 56 | @hotmail.ca | 30,376 |
We are virtually up to our eyeballs with hundreds more databases so we've added the following others with this release.
The next mega breach will be processed in a few weeks so keep your eyes on the news Twitter linked above. We will however be adding dozens of smaller sites before then. Additionally we were just given the Adult Friend Finder data so once we verify it, we'll add that as well.