Have you been hacked, or just as importantly, are you likely to get hacked?
We have performed a quick check on some local businesses that we know, and 64% have either had their data compromised, or their website has known vulnerabilities.
There are a few simple and free tools that can help you see for yourself, and the results are scary!
Website security is a very huge and complex topic, and there are so many tools and techniques that hackers can use. However, in this article I’ll be specifically talking about vulnerabilities that are public knowledge, easily accessed, and free to check; the equivalent of leaving your front door key under the doormat.
The most common way that websites are hacked is by using known exploits to open source content management systems, particularly ones that do not have their core system and modules updated. There are lots of these around, but WordPress and Magento have free online tools that can scan your website. If you have a WordPress put your website in www.wpscans.com, wait a few minutes. If you have a Magento shop, put your website address in www.magereport.com . In both cases, known issues will appear in red, and potential issues in grey or orange.
If your website comes up as green, or if you have a website built in another platform, such as Joomla, Drupal, PrestaShop, Laravel or something custom, it doesn’t mean that you are necessarily safe, just that these tools didn’t find it. If you are concerned get in touch with us and we’ll have a quick look (without charge), or advise should you need a more in-depth examination.
From our research, we found that just under a third of websites have known vulnerabilities, and more worrying, a half of WordPress sites are vulnerable to attack.
Changing tack a little, I’m sure you’ve heard of big websites getting hacked; Adobe (152 million accounts), MySpace (359 million accounts) and LinkedIn (164 million accounts) to name a few. In fact over 5 billion accounts have been compromised across almost 300 websites.
If you have an account with any of these, your data may be been accessed and available on the dark web. But why should you care?
Well, in some instances the passwords have been leaked in plain text format, meaning that if you use the same password across multiple websites, it could be freely available to anyone who wants it. Even if it hashed (‘scrambled’) it could still be very easy to break if it was a simple password (for example “butterfly1894”). Hackers will then not only have access to this, but every piece of confidential information in any of your accounts using the same login credentials.
Again we have run some tests, and found that over half of the emails we tried were compromised. You can check for yourself, in seconds, at https://haveibeenpwned.com
Even if you think that don’t care about your information, 33 million people had their data compromised on the Ashley Madison website, essentially a ‘dating’ website for those wanting to cheat on their partner. This information, including users’ email addresses, is available on the dark web… imagine the damage that this could cause.
There are some truly nasty people in this world, and in all honesty very few people take Internet security and privacy as serious as they should.
We are Webbed Feet, we offer website security audits, we can improve the security on vulnerable websites, and to date have a 100% success rate in restoring and securing websites that have been hacked.
Most importantly, we’re friendly, so if you have any questions about anything in this article just get in touch with our team for a free chat.