Wix

We've been tracking a steady increase in smaller, targeted data breaches affecting specific SaaS platforms. What really struck us about this particular incident wasn't the overall volume of records, but rather the specific nature of the data exposed and its potential for follow-on attacks. The data had been circulating quietly for several months before it caught wider attention, but we noticed a spike in chatter referencing potentially compromised Wix websites. The setup here felt different because the data wasn't directly customer PII, but rather detailed logs that could be leveraged for reconnaissance.

Wix Website Logs Exposed: 425k Email Addresses and IP Addresses Leaked

In February 2023, a data breach at Wix resulted in the exposure of over 640,000 records related to Wix-created websites. The breach, which was initially overlooked due to its technical nature, included approximately 425,000 unique email addresses, along with associated IP addresses and homepage URLs. This information was subsequently posted on a popular hacking forum, increasing the potential for malicious use.

The breach came to light in late February 2023, when our team observed a new posting on a well-known hacking forum offering a database purportedly belonging to Wix. While initial reports focused on the total record count, we were more concerned by the type of data included, suggesting it was not a direct compromise of user accounts but rather a leak of internal website logs. This distinction is crucial because the logs provide valuable insight into website infrastructure and associated administrators.

This incident matters to enterprises now because it underscores the risk associated with even seemingly innocuous data leaks. While the breached data doesn't include passwords or sensitive personal information, the exposed email and IP addresses can be used for targeted phishing campaigns, reconnaissance, and even attempts to identify and exploit vulnerabilities in Wix-hosted websites. This breach highlights a broader threat theme of attackers leveraging technical logs for reconnaissance and attack surface mapping.

Key point: Total records exposed: 640,000+

Key point: Unique email addresses: 425,000+

Key point: Data types included: Email addresses, IP addresses, homepage URLs

Key point: Sensitive content types: Website log data

Key point: Source structure: Database

Key point: Leak location: Popular hacking forum

Key point: Date of first appearance: February 26, 2023

External Context & Supporting Evidence

While the Wix breach itself hasn't garnered widespread media attention, similar incidents involving exposed log data have been reported. For example, in 2019, security researcher Vinny Troia discovered a massive leak of marketing and sales data, including email addresses and IP addresses, which were being used for targeted phishing campaigns (ZDNet, archived link). The Wix breach follows a similar pattern, highlighting the persistent threat of exposed log data.

Discussions on various cybersecurity forums and Telegram channels indicate that the leaked Wix data is being actively traded and analyzed by threat actors. One Telegram post claimed the files were being used to identify Wix websites with outdated plugins and themes, making them vulnerable to exploitation. This aligns with the broader trend of attackers automating the process of identifying and exploiting vulnerabilities in web applications.

Email · Address · Ip