Hacking Statistics & Top Data Breaches – WordPress, Magento, Drupal, Joomla, OpenCart & Prestashop
“The web is not the web we wanted in every respect.”
Plagued by menaces such as cybercrime, data breaches and privacy compromises, the web has become quite a scary place to be. To give you an idea of how many people get hacked, we have compiled these hacking statistics for 2019.
Still, we can’t deny that the web has also simplified our lives to an astonishing extent. And to be honest, we can’t do without the internet now. However, as of 2019, it also threatens severe harm if we leave even the tiniest security bolt loose. Further, the pace at which websites are going live demands a reliable solution to this problem. The following stats on the web and its exploitation point towards an alarming situation.
Web Statistics 2019
- As of January 1, 2019, there were 410066787 internet users all around the globe, an increase of 20% from 3.42 billion at the end of 2016.
- The largest number of internet users in the world is in Asia (49.7%), distantly followed by Europe (16.8%), Africa (11%) & Latin America/Caribbean (10.4%).
- The overall internet penetration rate across the globe is 55.1%, compared to 35% in 2013.
- As of January 2019, there are over 1.94 billion websites on the internet. The first-ever website was info.cern.ch, published on August 6, 1991, by Berners-Lee.
- 51.8% of all traffic on the web comes from automated tools such as bots, botnets, scrapers, skimmers, etc. Only 48.2% of internet traffic comes from humans.
- The first choice of CMS for building a website is WordPress, followed by Joomla and Drupal. WordPress has the largest market share and powers 33% of all the websites on the web.
Source – Website Hosting Rating
The table below shows the growth in internet users over time.
Number of Web Users
|Year||Number of users (millions)||% of World Population|
Source – Internetworldstats
Internet Users in 2019
Hacking Statistics 2019
- 73% of cyberattacks are carried out for economic reasons. Further, the cost of cybercrime damages will reach $6 trillion annually by 2021 (an increase of $3 trillion from the previous year).
- Around 4000 ransomware attacks happen daily.
- 1 out of every 131 emails has been found to contain malware.
- Around 93% of data breaches happen in a span of a few minutes and 83% remain undiscovered for weeks.
- The largest data breach ever recorded was at Yahoo in 2013. Approximately 5 billion Yahoo users’ phone numbers, birth dates, and security questions were hacked.
- 81% of data breaches happen due to weak or stolen passwords.
- Over 40% of attacks target small and medium-sized businesses.
- Of all the security breaches that take place, 11.95% occur due to a human error.
- 64% of companies admit to experiencing cyber attacks.
- 62% of companies have experienced phishing & social engineering attacks online.
- 59% of companies have suffered hacks involving malicious code, malware, and botnets.
- 51% of companies have confessed to experiencing denial of service attacks.
Source – Website Hosting Rating
Source – Cisco
Recent Data Breaches and Plugin Exploits
- Yahoo – In 2014, Yahoo suffered the worst attack, in which the data of 500 million people was stolen. The data included personal information such as names, dates of birth, telephone numbers and passwords.
- Alteryx – Alteryx suffered a data breach in which the data of 123 million U.S. households was stolen. Most importantly, the data had as many as 248 fields of information, ranging from addresses and income to ethnicity and personal interests.
- Equifax – In 2017, a breach at Equifax compromised the data privacy of as many as 143 million customers. The data had sensitive info like credit card numbers and personally identifiable information.
- Marriott – A cyberattack on the J.W. Marriott chain of hotels left the personal and banking data of 500 million guests compromised.
- British Airways – In a fairly recent breach at aviation giant British Airways, financial details were stolen. It affected as many as 380,000 passengers who had made changes to their bookings.
- Capital One – In a more recent attack, on the 19th of July 2019, a data breach at financial services company Capital One compromised the personal details of 106 million people.
Source – Cisco
Recent Plugin Exploits
We have already established that WordPress is the most exploited CMS out there. But this is not to say that other CMSs are safe. Every CMS, whether it is Magento, Joomla, Drupal, etc., is equally hit by cyber-attacks. Moreover, when we examined these attacks more closely, we found that plugins largely caused these hacks. Most of these plugins remain unmaintained by their developers. As a result, plugin exploits on CMSs are now constantly in the news.
Following are only a few plugin exploits that happened lately and affected a major chunk of websites:
- WordPress GDPR plugin exploit –
The WordPress GDPR plugin was actively installed on thousands of websites at the time it was exploited last year. Here are the complete details of the hack that took place.
- WordPress WP live chat plugin exploit –
Another plugin that affected most websites on WordPress was the WP-live chat support plugin. A cross-site scripting vulnerability had more than 60,000 websites compromised. Read more about it here.
- PrestaShop privilege escalation vulnerability –
Recently while examining one of our clients, we found a vulnerability in the PrestaShop add-on “Data Privacy Extended”. However, this was reported on time and saved 2500 websites from experiencing a brutal attack. More details of the exposure here.
Where are the hackers? – Hacking Statistics Country-wise
- Finland – 20.65%
Other Country-wise statistics include:
Hacking Statistics 2019 – CMS-wise
Hacking Statistics in WordPress
According to CVE Details, XSS (38.1%) remains the biggest threat in WordPress, followed by code execution (15.3%), with "bypass something" and "gain information" tying for third spot (12.7%).
Another important aspect of security is the tech stack that your CMS uses. The following graph shows the percentage of users on different PHP versions. Again, only 6.6% of the websites are using the updated 7.3 version of PHP; the rest are still on vulnerable versions.
The next graph shows the reasons behind the hacks. As you can see, 56% of hacks have plugins as the cause. Other causes include brute force, core CMS, themes, hosting, file permissions, etc.
Hacking Statistics in Magento
Hacking Statistics in OpenCart
Hacking Statistics in PrestaShop
Hacking Statistics in Joomla
Joomla is the second most popular open-source CMS, with a market share of 6.7%. The graph of Joomla CVEs below shows that XSS is the most common vulnerability exploited by attackers.
Hacking Statistics in Drupal
Drupal is the third most popular CMS, with a market share of 4.7%, and, among the top 3, is second after WordPress in offering free themes & plugins. Drupal is also known to be the most secure among open-source CMSs.
Astra has been actively working towards ensuring a safe online experience for everyone. It has helped secure big brands like Gillette, FirstPost, Carrier, Invicta, Akeneo, Themecloud, Hotstar, Ford, etc. You can benefit from it too.