I invite you to research this topic more thoroughly.
First, while there is a recent uptick in breaches, newsworthy ones do not happen every month. There does appear to be something of a clustering effect, which I think is attributable to a number of different causes. [1]
Second, banks, even very large ones like Citigroup and Chase, have been compromised in recent memory. [2] Even the IRS suffered one of the largest breaches ever, just last year. Peripherally "financial" institutions that aren't banks have also suffered breaches, such as every single credit card processor and NASDAQ.
You have a right to be upset about the increasing probability of your passwords being compromised by third parties. As a consumer, you can mitigate the damage of such breaches by 1. using a password manager, 2. using a different password for each and every account you have and 3. generating extremely secure passwords for each account. You can also use services like HaveIBeenPwned [3] to stay ahead of the damage.
However, your indictment here is unreasonable. Like basically everyone else in this thread, you don't have much information to go on yet. Weebly properly hashed and stored their passwords. As far as breaches go, this one is pretty tame. They are reacting responsibly and quickly considering the breach happened this year - normally we'd find out about this in three years. We do not yet know the root cause of the attack, and the criticism you're levying against Weebly is equally applicable to the industries you believe are more safe (they aren't). While many "web 2.0" companies may be rather lax in security, Weebly did not do anything obviously wrong or negligent here.
________________________
1. As data breaches become more of a hot topic, they will be more likely to be reported widely because it guarantees eyeballs. Similarly, it increases scrutiny, which aids in discoverability, and leads to more copycat hackers attempting these breaches for fame or fortune.
They kept the usernames in the clear. It is possible to create a service that never stores usernames but only hashes of them too. Keep an email linked to that account for a reset of the username / password combo.
Then breaches only reveal emails and a pair of hashes, so to control the account you need to control the email.
It is possible to do any number of weird things that practically nobody in the whole world, including companies with the best security teams in the world, actually do. Tokenizing email address is indeed one of those weird things.
First, while there is a recent uptick in breaches, newsworthy ones do not happen every month. There does appear to be something of a clustering effect, which I think is attributable to a number of different causes. [1]
Second, banks, even very large ones like Citigroup and Chase, have been compromised in recent memory. [2] Even the IRS suffered one of the largest breaches ever, just last year. Peripherally "financial" institutions that aren't banks have also suffered breaches, such as every single credit card processor and NASDAQ.
You have a right to be upset about the increasing probability of your passwords being compromised by third parties. As a consumer, you can mitigate the damage of such breaches by 1. using a password manager, 2. using a different password for each and every account you have and 3. generating extremely secure passwords for each account. You can also use services like HaveIBeenPwned [3] to stay ahead of the damage.
However, your indictment here is unreasonable. Like basically everyone else in this thread, you don't have much information to go on yet. Weebly properly hashed and stored their passwords. As far as breaches go, this one is pretty tame. They are reacting responsibly and quickly considering the breach happened this year - normally we'd find out about this in three years. We do not yet know the root cause of the attack, and the criticism you're levying against Weebly is equally applicable to the industries you believe are more safe (they aren't). While many "web 2.0" companies may be rather lax in security, Weebly did not do anything obviously wrong or negligent here.
________________________
1. As data breaches become more of a hot topic, they will be more likely to be reported widely because it guarantees eyeballs. Similarly, it increases scrutiny, which aids in discoverability, and leads to more copycat hackers attempting these breaches for fame or fortune.
2. https://en.m.wikipedia.org/wiki/List_of_data_breaches
3. https://haveibeenpwned.com