One per cent of all websites probably p0wned each year, say boffins

Researchers working on a technology to detect unannounced data breaches have found, to their dismay, that one per cent of the sites they monitored were hacked over the previous 18 months. University of California San Diego researcher Joe DeBlasio, who conducted the study under professor Alex Snoeren, said the number was …

  1. Anonymous Coward

    Nice study, nice technique. The interesting part here is that they specifically did not release the cracked sites as the subjects did not volunteer to participate in the study. Would that more had similar ethics. Here's looking at you, Facebook. Jus' sayin'.

    1. Randy Hudson

      Thumbs for the optative subjunctive.

    2. Anonymous Coward

      I bet the vast majority of compromised sites were running Linux. They are about 4-5 times more likely to get hacked than an internet facing Windows Server these days.

      1. Anonymous Coward

        I don't suppose the AC has any stats to back that up? Of course not, he gets his 'facts' from the same place as Breitbart, no doubt!

        1. bombastic bob Silver badge

          he gets his 'facts' from the same place as Breitbart CNN and MSNBC, no doubt!

          Fixed it for ya!

  2. Anonymous Coward

    What percentage of these were sold? I'm sure there are some nefarious people that sell off their own data on users.

    1. bombastic bob Silver badge

      "What percentage of these were sold"

      I would also be interested in seeing the kinds of spam-mailings they received (and from whom, and what the privacy policies were supposed to be, etc.).

  3. Bronek Kozicki

    Interesting technique

    Create unique email address (i.e. the user name that is hard to guess even by brute force, as-if good password) and use easily guessable password for that one. Create another unique email address, but with a strong password. If first account was breached, that means the email leaked (or email + easy password hash). If second was breached, that means plain text password leaked. I would be interested if such monitoring of websites was standard and users were informed of results.
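
Added example, not part of the comment above and not the researchers' own code: one way to turn the two-account scheme into a per-site verdict from mailbox login logs. It assumes each honey mailbox reuses the password registered at the site; the registry, log lines, IP addresses and function name are all constructed for illustration.

```python
from collections import defaultdict

# Constructed registry: two unique, unguessable mailboxes per monitored site.
# "easy" = guessable password, "hard" = strong password (assumed to be the
# same password that was registered at the site).
REGISTRY = {
    "k3v9qz@mail.example": ("shop.example", "easy"),
    "t8w2lm@mail.example": ("shop.example", "hard"),
    "p4x7rd@mail.example": ("forum.example", "easy"),
    "h6n1cs@mail.example": ("forum.example", "hard"),
    "z2b5yj@mail.example": ("news.example", "easy"),
    "m9f3ua@mail.example": ("news.example", "hard"),
}
MONITOR_IPS = {"198.51.100.10"}  # constructed: our own health-check logins

# Constructed mail-provider log: (timestamp, mailbox, source IP, success)
LOGINS = [
    ("2017-03-02T10:00:00Z", "k3v9qz@mail.example", "198.51.100.10", True),
    ("2017-04-11T02:14:09Z", "k3v9qz@mail.example", "203.0.113.77", True),
    ("2017-04-11T02:15:40Z", "t8w2lm@mail.example", "203.0.113.77", False),
    ("2017-05-20T19:03:51Z", "p4x7rd@mail.example", "192.0.2.45", True),
    ("2017-05-20T19:04:02Z", "h6n1cs@mail.example", "192.0.2.45", True),
]

def classify(registry, logins, monitor_ips):
    """Map each monitored site to what a successful foreign login implies."""
    hits = defaultdict(set)
    for _ts, mailbox, src_ip, ok in logins:
        # Only successful logins from addresses that are not ours count.
        if not ok or src_ip in monitor_ips or mailbox not in registry:
            continue
        site, strength = registry[mailbox]
        hits[site].add(strength)
    verdicts = {}
    for site in sorted({s for s, _ in registry.values()}):
        if "hard" in hits[site]:
            # A strong password cannot be guessed or cracked from a hash.
            verdicts[site] = "plaintext password leaked"
        elif "easy" in hits[site]:
            verdicts[site] = "email leaked, or email plus easy password hash"
        else:
            verdicts[site] = "no login seen"
    return verdicts

if __name__ == "__main__":
    for site, verdict in classify(REGISTRY, LOGINS, MONITOR_IPS).items():
        print(f"{site}: {verdict}")
```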

  4. Alan J. Wylie

    Not to be confused

    with Tripwire the company or their file integrity monitoring product.

    1. Anonymous Coward

      Re: Not to be confused

      .. who used to have the most glorious vulnerability posters ever.

      That was bloody good marketing IMHO.

  5. Anonymous Coward

    What I don't understand

    Why would someone who gets the passwords test them out by logging in with them? If the Reg was hacked, why would the hackers log in with all of our accounts to test them? If you test a few you know they work, and testing them all would probably set off alarms with some. Plus it isn't like having control of a lot of accounts at a place like this is of any use to anyone.

    Now if it was a bank or something, sure, then it would be something they'd test because they'd want to use them.

    If they're really seeing 1% of their accounts get logged in to, the real percentage of compromised sites may be much higher!

    As for the "well known American startup", that sure sounds a lot like Uber. Another "feather" in their cap...

    1. Mark 85

      Re: What I don't understand

      Plus it isn't like having control of a lot of accounts at a place like this is of any use to anyone.

      True up to a point but many people reuse their login names and passwords. So it's worth the time for the bad guys to test them, not just "here" but over "there" and "there".....

  6. sloshnmosh

    Uber?

    DeBlasio and Snoeren notified the security teams at the 19 sites in their sample that had suffered breaches (they said those included “a well-known American startup with more than 45 million active users”).

  7. Michael Wojcik Silver badge

    Rounding down a bit, are we?

    The title says "each year", but the article and the university's announcement both say the study determined nearly 1% were hacked over an 18-month period.

    It's been a long year, figuratively, but I'm pretty sure chronologically it was the usual number of months.

    Still, as others have said, it's a nice study and methodology. Nothing astounding but often the useful results aren't.
