Unravelling just how vulnerable your details on your favourite websites are, a new study says that out of the top 1000 most visited sites on the Internet, ten are likely to be hacked every year.
“No one is above this – companies or nation states — it’s going to happen; it’s just a question of when,” said the paper’s senior author Alex C. Snoeren, Professor at the University of California San Diego in the US.
One percent might not seem like much. But given that there are over a billion sites on the Internet, this means tens of millions of websites could be breached every year, said Joe DeBlasio, one of Snoeren’s Ph.D. students and the paper’s first author.
“One per cent of the really big shops getting owned is terrifying,” DeBlasio said.
The computer scientists built and successfully tested a tool designed to detect when websites are hacked by monitoring the activity of email accounts associated with them. The team presented the tool at the ACM Internet Measurement Conference in London.
The concept behind the tool, called Tripwire, is relatively simple.
DeBlasio created a bot that registers and creates accounts on a large number of websites — around 2,300 were included in their study.
Each account is associated with a unique email address.
The tool was designed to use the same password for the email account and the website account associated with that email.
Researchers then waited to see if an outside party used the password to access the email account. This would indicate that the website’s account information had been leaked.
The researchers were surprised to find that almost one percent of the websites they tested had suffered a data breach during their 18-month study period, regardless of how big the companies’ reach and audience are.