Is your website pwned?
“You just got pwned!”
In the gaming world, pwn is a leetspeak term for dominating a rival. However, nowadays, pwn is associated with hacking. Being pwned is being compromised. It may mean compromising a computer, a smartphone, and even websites and email addresses.
Recently, researchers created a technology that detects unannounced breaches of information. They created a bot called Tripwire that registers and creates accounts on thousands of websites on its own. By using this bot, researchers found out that one percent of the websites they monitored were hacked within the last 18 months.
While one percent may seem small, across the billions of websites on the World Wide Web this means tens of millions. To give you an example, a 1/100 hack rate means that out of 1,000 websites, ten are most likely to be hacked. Just imagine if we count all the websites on the Internet.
The Tripwire bot created an email address for each account and re-used an old password to determine if a third party can use that password to access the account. If yes, then it is an indication of a data breach.
Also, most people use an account from their email provider (like Google or Yahoo) to register on other websites. Tripwire had email accounts that were left unused for registering, and this indicates that the data breach came from the third party (the website where the accounts were registered) and not from the email service provider. That should sound an alarm for the InfoSec team.
Another test it conducted was to create two email accounts for a website: one with an easy password and the other with a difficult password. If both accounts are breached, it indicates that the website is still storing passwords in plain text.
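The inference described above can be written as a short detection routine. This is an added example, not Tripwire's own code: the site names, addresses, login records and the `classify_sites` function are constructed for illustration, and treating a login to an unregistered control account as a sign that the email provider itself is the leak is an assumption drawn from the reasoning above.

```python
from collections import defaultdict

# Constructed sample data: every site, address and event below is made up.
REGISTRATIONS = [  # (website, monitored email account, password kind)
    ("shop.example", "a1@mail.example", "easy"),
    ("shop.example", "a2@mail.example", "hard"),
    ("forum.example", "b1@mail.example", "easy"),
    ("forum.example", "b2@mail.example", "hard"),
    ("news.example", "c1@mail.example", "easy"),
    ("news.example", "c2@mail.example", "hard"),
]
# Control accounts: created at the email provider but never used to register.
CONTROLS = {"z1@mail.example", "z2@mail.example"}
# Successful logins to the email accounts, as reported by the provider.
LOGINS = [
    {"account": "a1@mail.example", "time": "2017-03-02T10:15:00Z"},
    {"account": "a2@mail.example", "time": "2017-03-02T10:17:00Z"},
    {"account": "b1@mail.example", "time": "2017-04-11T22:40:00Z"},
]

def classify_sites(registrations, controls, logins):
    """Return (provider_suspect, {site: verdict}) from email login events."""
    accessed = {event["account"] for event in logins}
    # A login to a control account cannot come from any website's leak,
    # so attribution to individual sites is no longer possible.
    provider_suspect = bool(accessed & controls)
    hits = defaultdict(set)
    for site, account, kind in registrations:
        kinds = hits[site]  # every monitored site gets a verdict
        if account in accessed:
            kinds.add(kind)
    verdicts = {}
    for site, kinds in hits.items():
        if provider_suspect:
            verdicts[site] = "inconclusive"
        elif kinds == {"easy", "hard"}:
            verdicts[site] = "breached, plain-text password storage indicated"
        elif kinds:
            verdicts[site] = "breached"
        else:
            verdicts[site] = "no evidence of breach"
    return provider_suspect, verdicts

if __name__ == "__main__":
    suspect, verdicts = classify_sites(REGISTRATIONS, CONTROLS, LOGINS)
    for site, verdict in sorted(verdicts.items()):
        print(f"{site}: {verdict}")
```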
So what does it mean for your website?
Small business websites are prone to hacking because solo entrepreneurs lack the technical expertise and site security that big corporations have. Once pwned, a website takes time to repair before it can get back to business. That means a temporary loss of online traffic, leads, customers, and sales.
It could also put the website on the blacklist of search engines like Google. A note that says, “This site may be compromised” can cast a shadow of doubt among web visitors.
What can you do to avoid getting pwned?
- Keep your software up to date. — Hackers target security flaws in web software such as content management systems and blogging programs. Use the latest versions of software and apply security patches promptly when updating.
- Use strong passwords and keep them safe. — Use strong passwords and never share them. Hackers crack or steal passwords for web software and FTP servers. FTP servers are computers that use the File Transfer Protocol to move web pages and other files to another computer, such as a web-hosting server.
- Use an updated anti-virus program. — Protect your PCs from a virus infection since that can also lead to information theft.
- Register with Google’s Webmaster Tools. — By registering with Webmaster Tools, you can receive notifications of malware infections immediately. The service also provides details about the precise problem Google is seeing.
- Get expert help. — Consult a professional and ask questions. They may provide business solutions when it comes to information security.