Sign in / up

back to article DIY website builder Weebly was secured feebly

Another day, another three major breaches: this time at do it yourself website builder Weebly, which has been revealed as secured feebly, as were FourSquare and Modern Business Solutions. A letter to users kindly forwarded to The Register by reader “Ham” explains the situation Weebly as follows: Weebly recently became aware …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. CaptSmegHead
    Thumb Down

    I received the same email this morning.... the final paragraph reads as follows:

    The security of your account is our highest priority, and we remain deeply committed to protecting your websites and personal information.

    2 0 Reply
  2. Dan 55 Silver badge
    Facepalm

    Troy Hunt's going to be working overtime. Again.

    0 0 Reply
  3. VinceH

    "LeakedSource also mentions [....] that it's aware of 58,848,226 users' records from Modern Business Solutions and 22,534,984 Foursquare credentials. The latter breach was in December 2013, but Modern Business Solutions was popped just this month."

    FTFY!

    But what I actually wanted to comment on was this:

    "As ever a sound response to the state of utter insecurity in which we find ourselves is to employ a password manager, not re-using passwords and only using discrete passwords and credentials for the services that expose you to financial loss."

    It's also worth thinking about per-site email addresses.

    When I started doing that, some time in the Bronze Age in internet terms, it was so if I received spam to any given address I'd know which site leaked the address.

    Over time it's evolved from simply their_name@my_domain, and is instead based on their name, but not with a fixed, discernible pattern, and will be at one of a number of subdomains (which reduces the number to migrate if necessary). And I now consider it to also be an element of security - albeit by obscurity: a leak might reveal my details for Site A are this_email and that_password; but my details for Sites B, C, D, E, F, etc. won't match either.

    3 0 Reply
    1. Wensleydale Cheese
      Reply Icon

      "It's also worth thinking about per-site email addresses."

      And as you have done, review your policy from time to time.

      While I've used throwaway and site-specific addresses for a long time for sites I don't know much about, I am now finding that formerly "trusted sites" seem to be leaking (think Spam), so am revising my email addresses on those.

      3 0 Reply
  4. Alistair
    Coat

    Okay - so its a bad one, but I have to:

    Did da widdle weebly go aww wobbly?

    (or am I the only one that remembers weebles wobbling but not falling down? -- and I did raise the point when I first heard about the company.)

    1 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon