Hacking Statistics & Top Data Breaches – WordPress, Magento, Drupal, Joomla, OpenCart & Prestashop

The worldwide web celebrated its 30th anniversary in March this year. A lot has changed since it first made an appearance. While addressing the celebratory event, inventor Berners-Lee said:
“The web is not the web we wanted in every respect.”

Ailing with menace like cybercrimes, data breaches, privacy compromisations, the web has become quite a scary place to be. To give you an idea of how many people get hacked, we have compiled these hacking statistics 2019.

Still, we can’t deny the fact that the web also simplified our lives to an astonishing extent. And to be honest, we can’t do without the internet now. However, as of 2019, it also threatens to harm severely if we left loose even the tiniest security bolt. Further, the pace with which websites are coming live still demands a reliable solution to this problem. The following stats related to the web and its exploitation points towards an alarming situation.

Web Statistics 2019

Did you know that there are more than 1.94 billion websites on the internet? Or, Do you know the name of the first-ever website that came live? If the answer is in the negative, then read on, you are about to find some amazing facts here-
  • As of January 1, 2019, there were 410066787 internet users all around the globe. An increase of 20% from being 3.42 billion at the end of 2016.
  • The largest numbers of internet users in the world are from Asia (49.7%) distantly followed by Europe (16.8%), Africa (11%) & Latin/Carribean America (10.4%)
  • The overall penetration rate of the globe is 55.1% as compared to 35% in 2013.
  • As of January 2019, there are over 1.94 billion websites on the internet. The first-ever website was info.cern.ch, published on August 6, 1991, by Berners-Lee.
  • 51.8% of all traffic on the web comes from automated tools such as bots, botnets, scrapers, skimmers, etc. Only 48.2% of internet traffic comes from humans.
  • The first choice to build a CMS is WordPress, followed by Joomla and Drupal. WordPress has the largest market share and powers 33% of all the websites on the web.

Source – Website Hosting Rating

The below table shows the growth rate of internet users over time

Number of Web Users

YearNumber of users (millions)% of World Population
199516 0.4
19981473.6
20015138.6
200481712.7
2007131920
2010197128.8
2013280839
2016369649.5
2019442257.3

Source – Internetworldstats

Internet Users in 2019

Hacking Statistics 2019

These statistics are shocking, but it still does not quite answer the question of how many people get hacked on the web. Hence, here we are with more analysis and research on the matter. The threats look something like this in numbers:
  • 73% cyberattacks are carried out for economic reasons. Further, the cost of cybercrime damages will reach $6 trillion (increase $3 trillion from the previous year) annually by 2021.
  • Around 4000 ransomware attacks happen daily.
  • 1 out of every 131 emails has been found to contain malware.
  • Around 93% of data breaches happen in a span of a few minutes and 83% remain undiscovered for weeks.
  • The largest data breach ever recorded was in 2013 in Yahoo, Approximately, 5 billion Yahoo user’s phone number, birth dates, and security questions were hacked.
  • 81% data breaches happen due to weak or stolen passwords.
  • Over 40% attacks target small and medium-sized businesses.
  • Of all the security breaches that take place, 11.95% occur due to a human error.
  • 64% of companies admit to experiencing cyber attacks.
  • 62% of companies have experienced phishing & social engineering attacks online.
  • 59% of companies suffered hack by malicious code, malware, and botnets
  • 51% of companies have confessed to experiencing denial of service attacks.

Source – Website Hosting Rating

Source – Cisco

Recent Data Breaches and Plugin Exploits

The recent chain of exploits and data breaches further prove how unsafe the cyberspace is. From data breaches on big names like Yahoo, British Airways, staff bank, Sephora, to plugin exploits on popular CMS like WordPress, Magento, etc, the list is never-ending. Data breaches on giants like these make us second-guess our decision to be on the web in the first place. Incidents of wild abuse of these stolen data and their adverse outcomes are not unheard of.

 

Related article – How Stock Performance is Impacted by Data Breach
Now it wouldn’t be possible to list each and every data breach and plugin exploit down. Yet I have listed below the ones that truly created havoc and made the most buzz-
  1. Yahoo – In 2014, Yahoo suffered the worst attack that stole data of 500 million people. Moreover, the data included personal information such as names, dates of birth, telephone numbers and passwords.
  2. Alteryx – Alteryx suffered a data breach that left data of 123 million U.S households stolen. Most importantly, the data had as many as 248 fields of information ranging from addresses and income to ethnicity and personal interests.
  3. Equifax – In 2017, Equifax lost the data privacy of as many as 143 million customers. The data had sensitive info like credit card numbers and personally identifiable information.
  4. Marriott – A cyberattack on the J.W.Marriott chain of hotels left personal and banking data of 500 million guests compromised.
  5. British Airways – A pretty recent breach on Aviation biggie British Airways had financial details stolen. It affected as many as 380,000 passengers, who had made changed to their bookings.
  6. Capital One – In a more recent attack, on 19th of July 2019, a data breach on financial services company Capital One compromised personal details of 106 million people.

Source – Cisco

Recent Plugin Exploits

We already established that WordPress is the most exploited CMS out there. But, this is not to say that other CMS(s) are safe. Every CMS whether it is Magento, Joomla, Drupal, etc, each of them is equally hit by cyber-attacks. Moreover, when we diagnosed these attacks deeper, we found that it was plugins that largely caused these hacks. Most of these plugins remain unmaintained by the developers. As a result, plugin exploits on CMS have become quite constant in news as of now.

Following are only a few plugin exploits that happened lately and affected a major chunk of websites:

  1. WordPress GDPR Plugin Exploit – The WordPress GDPR plugin was actively installed on thousands of website at the time it was exploited last year. Here are the complete details of the hack that took place. 

  2. WordPress WP live chat plugin exploit – 
    Another plugin that affected most websites on WordPress was the WP-live chat support plugin. A cross-site scripting vulnerability had more than 60,000 websites compromised. Read more about it here.
  3. PrestaShop privilege escalation vulnerability –
    Recently while examining one of our clients, we found a vulnerability in the PrestaShop add-on “Data Privacy Extended”. However, this was reported on time and saved 2500 websites from experiencing a brutal attack. More details of the exposure here.

Where are the hackers? – Hacking Statistics Country-wise 

We have understood that hacks are persistent all over the globe. And, that no one is safe. But, the question that was still unanswered was where do these hackers come from? When we researched the web a bit more, we found various studies on the same. I have reproduced some for you here –
The second place where the attacks originate from is the USA, with a share of 10%. Other eight countries that make a home to most hackers are- Turkey, Russia, Taiwan, Brazil, Romania, India, Italy, & Hungary.
Further, according to CompariTech, the countries which suffered the lowest infection rates are –
  1. Sweden-19.88%
  2. Finland- 20.65%
  3. Norway-21.63%.

Other Country-wise statistics include:

Further, the countries which were most hit by Ransomware were India- 9.6%, while the Russian Federation- 6.41% and Kazakhstan -5.75% being the runner ups.

 

Not all countries give in to these prevalent hacks. They prepare and fight back. One such country is Canada. Canada ranks first as the best-prepared nation when it comes to cyberattacks. And, it is closely followed by the USA and Brazil. Whereas countries that need to hone their cyber game the most are Belgium, Dominican Republic, and Hong Kong. Belgium is the least prepared nation if a cyber attack was about to strike.

 

Now, countries that have borne the maximum brunt of ransomware are India- 9.6%, followed by Russian Federation- 6.41% and Kazakhstan -5.75%. Whereas, The United States is a country that’s been most hit by cyber attacks. It has experienced a whopping 66% of the attacks followed by Brazil & Germany with only 5% each and the United Kingdom at an even lower 3%.
If we were to estimate the average cost of cybercrime to countries in the world, the following result would come up (Source: CompariTech)
Cybersecurity facts
Cybersecurity facts (Source: Everycloud)

Hacking Statistics 2019 – CMS-wise

Comparing the security of the various CMS with each other, here is how the picture presents:

Hacking Statistics in WordPress

WordPress’ plugin structure and easy usability make it a first choice. Of course, WordPress takes security very seriously and tries to be really one step ahead of the hacker. But, the CVE details show otherwise.

According to CVE Details, XSS (38.1%) remains the biggest threat in WordPress, followed by code execution (15.3%), and bypass something, gain info (12.7%) tying for the third spot.

The version graph reveals that only 36.1% of WordPress users are on the updated version 5.2. Shockingly 63.9% of websites are still on vulnerable versions.

Another important aspect of security is the tech stack that your CMS uses. The following graph shows the percentage of users on different PHP versions. Again, only 6.6% of the websites are using the updated 7.3 version of PHP,  rest are still on vulnerable versions.

The next graph shows the reasons behind the hacks. As you can see, 56% of hacks have plugins have at the cause. Other causes include brute -force, core CMS, themes, hosting, file permissions, etc.

Hacking Statistics in Magento

Magento is the most preferred choice for an e-commerce website. But, it has its share of attacks as well. Here are the CVE details of Magento. Again XSS (53.1%) came out to be the elephant in the room followed by code execution (12.5%) & Gain information (12.5%).
The complete share of each attack vector is mentioned respectively in the chart below-

Hacking Statistics in OpenCart

OpenCart is another popular CMS for e-commerce. The biggest threat that OpenCart faces is Remote code execution with a 45.5% share of all attacks. Other than that directory traversal and SQL injection equally threatens OpenCart with a share of 20% each.
Other attack vectors are mentioned in the chart below-

Hacking Statistics in PrestaShop

PrestaShop is a free and popular CMS for e-commerce. We went through the CVE details of PrestaShop and found that most attacks on PrestaShop happen via Cross-Site Scripting (40.1%).
The other attack vectors on PrestaShop are listed in the chart below-

Hacking Statistics in Joomla

Joomla is the second most popular open-source CMS with a market share of 6.7%. The below graph of Joomla CVE  shows that XSS is the most common vulnerability exploited by attackers

Hacking Statistics in Drupal

Drupal is the third most popular CMS with a market share of  4.7% & second most CMS (among top 3) after WordPress that offer free themes & plugins. Drupal is also know to be the most secure among other open source CMSs

Conclusion

As the usage of the web is going to soar and enter every arena of our lives, we need to stop and ponder about the security structure we are going to follow. It is high time that we started preparing and investing in solid security measures. From implementing an effective firewall to regular security audits for your website, a security solution can lower your risks considerably.

Astra has been actively working towards ensuring a safe online experience for everyone. It has helped secure big brands like Gillette, FirstPost, Carrier, Invicta, Akeneo, Themecloud, Hotstar, Ford, etc. You can benefit from it too.
Take an Astra demo now!

Was this post helpful?

  • Categories: CMS

Related Posts

Best Practices for Magento Opecart Prestashop Moodle

Cyber Attacks: How To Protect Your Brand Website Against Them

Joomla 3.7 found to be vulnerable to SQLi, update ASAP.

Steps to Secure Magento Admin Panel from Hackers & Bruteforcing [Magento 1 & Magento 2]

WordPress Code Injection

WordPress Sites at Risk From PHP Code Execution

6 Top Information Security Risks to Know About as You Prepare for 2019

6 Top Information Security Risks to Know About as You Prepare for 2019

How to Do Website Penetration Testing From the Start? (Includes checklist)

Waiting to Get Hacked?

Get security tips & latest vulnerability fixes right in your inbox:

About The Author

Naman Rastogi

Naman is a Digital Marketer & Growth Hacker at Astra. A technology enthusiast with focused interest in website security.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.