There are currently 4,484,273,603 accounts in our database.

Tens of millions of websites at risk in latest mega breach

October 20th, 2016

Table of Contents

Summary

Well known San-Francisco based "drag-n-drop" website creator Weebly.com had information on 43,430,316 users leaked from its main database in February of 2016. This database was provided to us by an anonymous source.


Each record in this mega breach contains a username, email address, password, and IP address.


Unlike nearly every other hack, the Co-founder and CTO of Weebly Chris Fanini fortunately did not have his head buried deeply in the sand and actually responded to our communication requests. We have been working with them to ensure the security of their users meaning password resets as well as notification emails are now being sent out. This mega breach affects not only tens of millions of users but tens of millions of websites and with Weebly being one of the most popular hosting platforms in the world, this breach could have been far more disastrous in the wrong hands had they not strongly hashed passwords.


Anyone may use any information on this page for free provided LeakedSource is given credit and a direct link back.

Passwords

Passwords were stored using uniquely salted Bcrypt hashing and a cost factor of 8. This method of storing passwords gets a 7.5 out of 10 from us because there is lots of room for improvement but far from the worst we've seen. Weebly has also informed us that they've changed their password storage to a cost factor of 10.

Emails

Simple table of top email domains


RankEmail DomainFrequency
1@gmail.com12,760,172
2@yahoo.com5,760,654
3@hotmail.com4,168,402
4@weebly.com3,421,602
5NONE3,190,390
6@blank.weebly.c719,873
7@aol.com669,941
8@live.com427,420
9@hotmail.co.uk403,841
10@wee368,058
11@outlook.com341,947
12@ymail.com267,538
13@weebly.211,516
14@chacuo.net210,628
15@027168.com209,625
16@163.com203,031
17@comcast.net181,967
18@yahoo.co.uk149,512
19@mail.ru140,014
20@weeblycloud.co139,544
21@icloud.com137,526
22@qq.com130,685
23@msn.com130,410
24@rocketmail.com117,507
25@live.co.uk97,216
26@hotmail.fr92,738
27@mail.com92,028
28@me.com90,855
29@aim.com76,849
30@sbcglobal.net75,274
31@yahoo.co.id67,757
32@googlemail.com65,708
33@att.net59,142
34@yahoo.com.tw59,109
35@verizon.net57,256
36@rediffmail.com51,829
37@yahoo.ca50,127
38@yahoo.fr49,435
39@hotmail.it48,719
40@yahoo.co.in48,022
41@abv.bg47,791
42@live.nl46,432
43@btinternet.com45,329
44@web.de41,954
45@libero.it40,699
46@cox.net40,649
47@live.ca39,400
48@live.fr39,244
49@yahoo.in39,004
50@gmx.com36,800
51@bellsouth.net35,575
52@yahoo.com.vn33,713
53@yandex.com32,541
54@education.nsw.32,140
55@gmx.de31,305
56@hotmail.ca30,376

More Databases

We are virtually up to our eyeballs with hundreds more databases so we've added the following others with this release.


  • Modern Business Solutions - 58,848,226 users - October 2016
  • FourSquare - 22,534,984 users - December 2013

The next mega breach will be processed in a few weeks so keep your eyes on the news Twitter linked above. We will however be adding dozens of smaller sites before then. Additionally we were just given the Adult Friend Finder data so once we verify it, we'll add that as well.

Follow @LeakedDatabase