
I'm kind of tired of the "Security is hard, everyone gets hacked eventually and we are just victims" mentality. This is not true. Why don't we see people's banking information plastered over the web every month? That, if anything, would be a high-value target. No, it's always these Web 2.0 services this happens to. Now, you could argue that a small SaaS service cannot possibly afford security as rigorous as a bank, but guess what: if you are going to handle people's information and don't have the assets to protect it, then maybe your business is not viable enough?


I invite you to research this topic more thoroughly.

First, while there is a recent uptick in breaches, newsworthy ones do not happen every month. There does appear to be something of a clustering effect, which I think is attributable to a number of different causes. [1]

Second, banks, even very large ones like Citigroup and Chase, have been compromised in recent memory. [2] Even the IRS suffered one of the largest breaches ever, just last year. Peripherally "financial" institutions that aren't banks have also suffered breaches, such as every single credit card processor and NASDAQ.

You have a right to be upset about the increasing probability of your passwords being compromised by third parties. As a consumer, you can mitigate the damage of such breaches by 1. using a password manager, 2. using a different password for each and every account you have and 3. generating extremely secure passwords for each account. You can also use services like HaveIBeenPwned [3] to stay ahead of the damage.

However, your indictment here is unreasonable. Like basically everyone else in this thread, you don't have much information to go on yet. Weebly properly hashed and stored their passwords. As far as breaches go, this one is pretty tame. They are reacting responsibly and quickly considering the breach happened this year; normally we'd find out about this in three years. We do not yet know the root cause of the attack, and the criticism you're leveling against Weebly is equally applicable to the industries you believe are safer (they aren't). While many "web 2.0" companies may be rather lax in security, Weebly did not do anything obviously wrong or negligent here.

________________________

1. As data breaches become more of a hot topic, they will be more likely to be reported widely because it guarantees eyeballs. Similarly, it increases scrutiny, which aids in discoverability, and leads to more copycat hackers attempting these breaches for fame or fortune.

2. https://en.m.wikipedia.org/wiki/List_of_data_breaches

3. https://haveibeenpwned.com


They kept the usernames in the clear. It is possible to create a service that never stores usernames but only hashes of them too. Keep an email linked to that account for a reset of the username / password combo.

Then breaches only reveal emails and a pair of hashes, so to control the account you need to control the email.
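The two comments above touch on two storage decisions: the parent thread's point that Weebly "properly hashed" its passwords, and this proposal to store only a hash of the username/email. The following is an added example (mine, not Weebly's code or anyone's in this thread) showing both in working form, and why the replies below are skeptical of the second. The account table, the email addresses and the secret key are all constructed for the demo; PBKDF2 stands in for bcrypt/scrypt/argon2 only because it is in the standard library, and the iteration count is lowered for speed.

```python
"""Credential storage demo: salted, iterated password hashes plus a keyed
"token" in place of the clear-text email. Added example, not Weebly's code."""
import hashlib
import hmac
import os
from typing import Dict, List, Optional

# Server-side secret kept OUTSIDE the user database (KMS, HSM, env var).
# Constructed value for this demo; never hard-code it in real code.
EMAIL_TOKEN_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c" * 2)
PBKDF2_ITERATIONS = 100_000  # demo speed; use a current OWASP figure in production


def normalize_email(email: str) -> str:
    # Case-fold and trim so "Alice@Example.com " and "alice@example.com"
    # resolve to the same account record.
    return email.strip().lower()


def email_token(email: str, key: Optional[bytes] = EMAIL_TOKEN_KEY) -> str:
    """Lookup token for an email address.

    key=None is the naive "just hash it" variant (plain SHA-256), which anyone
    can recompute. With a key it is HMAC-SHA256 and recomputing it requires the
    key, which is not in the database dump."""
    data = normalize_email(email).encode()
    if key is None:
        return hashlib.sha256(data).hexdigest()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def hash_password(password: str) -> str:
    # Per-user random salt + iterated PBKDF2-HMAC-SHA256, encoded with its
    # parameters so the check below is self-describing.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    algo, iters, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest.hex(), digest_hex)


# Verified against on a miss so "no such account" costs the same as a real check.
DUMMY_HASH = hash_password("dummy-password-for-timing")


class UserStore:
    """In-memory stand-in for the users table: email token -> password hash.
    The clear-text email is never written to it."""

    def __init__(self, key: Optional[bytes] = EMAIL_TOKEN_KEY):
        self.key = key
        self.rows: Dict[str, str] = {}

    def register(self, email: str, password: str) -> None:
        self.rows[email_token(email, self.key)] = hash_password(password)

    def login(self, email: str, password: str) -> bool:
        stored = self.rows.get(email_token(email, self.key))
        if stored is None:
            verify_password(password, DUMMY_HASH)
            return False
        return verify_password(password, stored)

    def dump(self) -> Dict[str, str]:
        """What an attacker who reads the whole table gets."""
        return dict(self.rows)


def reverse_tokens(dumped: Dict[str, str], candidate_emails: List[str],
                   key: Optional[bytes]) -> Dict[str, str]:
    """Attacker step: recompute tokens for a list of already-known addresses
    (e.g. from an earlier public breach) and match them against the dump.
    Succeeds only with the same key the defender used (None if unkeyed)."""
    table = {email_token(e, key): normalize_email(e) for e in candidate_emails}
    return {tok: table[tok] for tok in dumped if tok in table}


if __name__ == "__main__":
    weak = UserStore(key=None)          # unkeyed SHA-256 of the email
    weak.register("alice@example.com", "correct horse battery staple")
    known = ["alice@example.com", "dave@example.net"]  # constructed public list
    print("unkeyed tokens reversed:", reverse_tokens(weak.dump(), known, None))
    strong = UserStore()                # HMAC with a key the dump lacks
    strong.register("alice@example.com", "correct horse battery staple")
    print("keyed tokens reversed:", reverse_tokens(strong.dump(), known, None))
```

The takeaway matches the replies that follow: a bare hash of an email address is a lookup table away from the address itself, so it buys nothing against the credential-stuffing risk described below. An HMAC keyed with a secret held outside the database does hide the addresses from a pure table dump, but only until the attacker also reaches the key, and it does nothing for the password hashes, which still have to be slow and salted on their own.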


It is possible to do any number of weird things that practically nobody in the whole world, including companies with the best security teams in the world, actually does. Tokenizing email addresses is indeed one of those weird things.


What is that going to do? The outcome is that the attacker still has the password hash and the linked email address.


So how do they log in without a username and password?


To your site, they probably don't. But they'll take the email and password and use it elsewhere. You'll have still exposed your customers.


Why don't we see people's banking information plastered over the web every month?

Banks get hacked. They just don't tell people about it. The difference is that banks aren't as transparent, not that they're more secure.


So true. They also have government agencies on their side. If you hack a bank, you're messing with money which suddenly involves a whole raft of governmental agencies.


That's ridiculous; older businesses and government services are compromised all the time!

And let's not forget that there is a spectrum of value associated with information. On the one hand, I'd rather my bank details and payments weren't publicly released. On the other… IP address, bcrypted password and email address? Minimal relative value.


Swift hack.


It wasn't swift that was hacked.


Can you elaborate?


The reason this attack became known as the swift hack is that the hackers were able to send messages over the swift network to transfer money around. However, this is how the system is supposed to operate; it's what the swift network does.

What was hacked was the bank where the messages were sent from.

https://www.bloomberg.com/news/articles/2016-05-26/swift-hac...

If you read the article (any of the articles), the headlines always talk about the 'swift hack'; however, it was the _banks_ that were hacked (and the article says so), not swift.



