Security Audit

27+ Hacking Statistics & Top Data Breaches – WordPress, Magento, Drupal, Joomla, OpenCart & Prestashop

Updated on: June 3, 2024

27+ Hacking Statistics & Top Data Breaches – WordPress, Magento, Drupal, Joomla, OpenCart & Prestashop

Ailing with menaces like cybercrimes, data breaches, and privacy compromisations, the web has become quite a scary place to be. To give you an idea of how many people get hacked, we have compiled these hacking statistics 2023.

Still, we can’t deny the fact that the web also simplified our lives to an astonishing extent. However, it also threatens to harm severely if even the tiniest security bolt is left loose. The following hacking statistics are related to the web and its exploitation.

Top Hacking Statistics

Here are the top hacking statistics one needs to know: 

  1. According to IT Governance, nearly 4 million records were exposed in hacks as of March 2022. 
  2. The UK alone faces nearly 65,000 hacking attempts daily through SMEs. – Hiscox
  3. According to Security Magazine, every 39 seconds there is a hacker attack. 
  4. In 2022, Uber’s AWS account and corporate Slack account were hacked using a purchased corporate password used by a contractor.
  5. India’s biometric database Aadhar containing the personal data of almost every citizen (nearly 1.1 billion people) was exposed to a security breach.

Web Statistics 2023

Did you know that there are more than 1.98 billion websites on the internet? Or, Do you know the name of the first-ever website that came live? If the answer is negative, then read on, you are about to find some amazing facts here-

  • As of January 2023, there were 5.16 billion internet users all around the globe. 
  • At the end of 2016, there were 3.42 billion internet users. 
  • The largest numbers of internet users in the world are from Eastern Asia (1.2 billion), Southern Asia (1.02 billion) distantly followed by Europe (684.4 million), Africa (11%) & Latin/Caribbean America (10.4%)
  • The overall penetration rate of the globe is 55.1% as compared to 35% in 2013.
  • As of January 2023, there are over 1.98 billion websites on the internet. 
  • The first-ever website was, published on August 6, 1991, by Berners-Lee.
  • 51.8% of all traffic on the web comes from automated tools such as bots, botnets, scrapers, skimmers, etc. Only 48.2% of internet traffic comes from humans.
  • Over 280,000 WordPress sites were attacked using the WPgateway plugin zero-day vulnerability. – The Hacker News
  • Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. – ITthemes.
  • The first choice to build a CMS is WordPress, followed by Joomla and Drupal. WordPress has the largest market share and powers 33% of all the websites on the web.
  • 50K websites are hacked daily and every 39 seconds, there is an attack on the website. – DWG
  • 8% of WordPress sites are hacked due to weak passwords.
  • On March 20, 2022, a hacker group made a telegram post indicating that they had hacked Microsoft and compromised Cortana and Bing among other services. Microsoft blocked the attack by March 22, 2022. The data of only one customer was stolen.
  • 30,000 websites are hacked daily on a global basis. 
  • The website FriendFinder lost 412 million accounts after a hack- Wall Street Journal
  •  An increasing number of Indian websites have faced hacks with around 17,560 sites in 2018 and 26,121 sites in 2020

Hacking Statistics 2023

hacking statistics

These statistics are shocking, but it still does not quite answer the question of how many people get hacked on the web. Hence, here we are with more analysis and research on the matter. The threats look something like this in numbers:

  • 47% of SMBs have fallen victim to a cyberattack in 2022. –
  • 52% of the attacks confirmed were due to human error. –
  • In 2021, 18% of all attacks were mounted through vulnerabilities that were listed in 2013 or earlier.
  • The Shields healthcare data breach is the largest data breach reported in 2022 affecting over 2 million individuals.
  • According to a report, 41% of primary schools, 70% of secondary schools, and 92% of higher education colleges in the UK reported data breaches in 2022.
  • In the first half of 2022 the USA had 18 cyber attacks on schools.  
  • The Accellion FTA hack was the most damaging data breach of 2021, causing problems for 31 businesses and impacting over 5.6 million users according to information from Accellion and its clients. 
  • The average ransom demanded in 2020 from governmental-related organizations was $570,857, with over $1.75 million actually paid to hackers. 
  • 73% of cyberattacks are carried out for economic reasons. Further, the cost of cybercrime damages will reach $6 trillion (an increase $3 trillion from the previous year) annually by 2021.
  • Around 4000 ransomware attacks happen daily.
  • 1 out of every 131 emails has been found to contain malware.
  • Around 93% of data breaches happen in a span of a few minutes and 83% remain undiscovered for weeks.
  • The largest data breach ever recorded was in 2013 in Yahoo, Approximately, 5 billion Yahoo users’ phone numbers, birth dates, and security questions were hacked.
  • Alteryx suffered a data breach that left data of 123 million U.S households stolen. Most importantly, the data had as many as 248 fields of information ranging from addresses and income to ethnicity and personal interests.
  • In 2017, Equifax lost the data privacy of as many as 143 million customers. The data had sensitive info like credit card numbers and personally identifiable information.
  • A breach on British Airways had financial details stolen. It affected as many as 380,000 passengers, who had made changes to their bookings.
  • In this attack, on the 19th of July 2019, a data breach on financial services company Capital One compromised the personal details of 106 million people.
  • 81% of data breaches happen due to weak or stolen passwords.
  • Over 40% of attacks target small and medium-sized businesses.
  • Of all the security breaches that take place, 11.95% occur due to human error.
  • 64% of companies admit to experiencing cyber attacks.
  • 62% of companies have experienced phishing & social engineering attacks online.
  • 59% of companies suffered hack by malicious code, malware, and botnets
  • 51% of companies have confessed to experiencing denial-of-service attacks.
  • Every 39 seconds there is a hacker attack- Security Magazine
  • $3 billion worth of cryptocurrency was stolen in hacks till now.- TOI
  • A hacker used social engineering attack on Twilio and gained access to the company’s internal systems and the data of 125 customers. – Venturebeat
  • $29M was stolen from a fintech company named, Transit Finance by a hacker. – BIS
  • Colorado county lost $238K to hackers following a cyberattack. – Fox29.
  • 3 out of 4 attacks were launched through vulnerabilities that were exposed in or before 2017
  • In 2021, ethical hackers used Remote Desktop Protocol (RDP) for 70% of attacks to gain internal access. 
  • 80% of senior IT employees and security leaders believe that companies lack sufficient protection against cyber attacks, and 77% of them don’t have an incident response plan.
  • Private banks in India have reported 205 data breaches and state-owned banks reported 41 breaches.
  • A little more than 53% of all adults concede that working from home has made it much simpler for hackers and cybercriminals to trick people.
  • In April 2021, hackers took advantage of the U.S. Colonial Pipeline through a VPN that was lacking multi-factor authentication. In order to get access back, they had to pay a $5 million Bitcoin ransom
  • In February 2021, a hacker broke into the water filtration system in Oldsmar, Florida, and tried (but did not succeed) to contaminate the water. 
  • 95% of cybersecurity breaches are attributed to human error. (World Economic Forum)
  • Accenture’s Cybercrime study reveals that nearly 43% of cyber-attacks are targeted at SMBs.
  • Only 14% of these accounted SMBs are prepared to face such an attack.
  • In 2020, small businesses faced over 700,000 attacks which caused a total of $2.8 billion in damages.
  • In 80% of all hacking cases, compromised credentials or passwords are to blame.
  • A Cyber claims Study by NetDiligence evaluated 5,797 claims data from 2016 to 2020 and found 32% for ransomware affecting SMEs, 10% hacking, and another 9% for business email compromise to be the root cause of losses sustained.
  • Ransomware was the top cause of loss in SMEs at 51% of total incident cost followed by hacking at 18%.
  • 64% of all companies have experienced some form of cyberattack. 

Where are the hackers? – Hacking Statistics Country-wise 

We have understood that hacks are persistent all over the globe. And, that no one is safe. But, the question that was still unanswered was where these hackers come from.

The place where the biggest number of ransomware attacks originate from is the USA, with a share of 10%. Other eight countries that make a home to most hackers are- Turkey, Russia, Taiwan, Brazil, Romania, India, Italy, & Hungary.

Other Country-wise statistics include:

Not all countries give in to these prevalent hacks. They prepare and fight back. One such country is Canada. 

Canada ranks second as the best-prepared nation when it comes to cyberattacks, the first being the U.S.A. 

It is closely followed by Australia and Malaysia respectively. 

Countries that show comparatively less preparedness for cyberattacks are the Netherlands, Singapore, and Israel. 

Hacking Statistics 2023 – CMS-wise

Comparing the security of the various CMS with each other, here is how the picture presents:

Hacking Statistics in WordPress

WordPress’ plugin structure and easy usability make it a first choice. Of course, WordPress takes security very seriously and tries to be really one step ahead of the hacker.

  • Due to its popularity, WordPress faces about 90,000 attacks per minute. 
  • Nearly 8% of WordPress websites are hacked due to weak passwords. 
  • WordPress websites are highly susceptible to vulnerabilities when they aren’t updated regularly. 
  • Nearly 61% of attacked websites were outdated. 
  • 52% of WordPress vulnerabilities arise from outdated plugins. 
  • Nearly 42% of WordPress sites have at least one vulnerable component to it. 
  • Compared to WordPress facing 95.6% of attacks, OpenCart only faces 0.35% of cyber attacks.

Hacking Statistics in Magento

Magento is the most preferred choice for an e-commerce website. But, it has its share of attacks as well. 

  • Compared to other e-commerce sites, Magento faces 0.71% of attacks while WordPress faces the most number of threats at 95.6%.
  • In 2020, over 500 Magento sites were hacked in a payment skimmer attack. 
  • In 2022, a surge of cyber attacks was experienced by Adobe and Magento stores targeting the vulnerability CVE-2022-24086, a critical mail template vulnerability. 
  • Compared to other CMS, Joomla faces 2.03% cyber attacks. 
  • Drupal faces 0.83% attacks when compared to other CMS. 

Hacking Statistics Based On Type Of Attack

Hacks are usually carried out with different strategies, here are some of them: 

1. Social Engineering

  • Most COVID-19-related threats were spammy emails, comprising 65.7% of the total
  • Over the past year, scammers have defrauded 1 in 5 consumers. 4% of victims clicked on a fake COVID-19 contact tracing link, while 4% paid to get carbon tax relief money. 3% of people were duped into paying for an illegitimate COVID-19 vaccine. 
  • Since the start of the pandemic, 25% of all employees have seen more fraudulent emails in their work inboxes.
  • Social engineering attacks are 350% more common for employees of small businesses than at larger enterprises.

2. Ransomware

  • The first half of 2022 saw nearly 236.7 million ransomware attacks worldwide.
  • 28% of critical infrastructure organizations were targeted by malicious ransomware attacks. These sectors included healthcare, financial services, government organizations, and more. 
  • Eleven percent of breaches in an IBM study were ransomware attacks, a 7.8% increase from 2021, for a growth rate of 41%. 
  • In June 2021, a Russian ransomware attack on JBS- the world’s largest meatpacking company- impacted nearly 10,000 workers and caused inflation in prices for meat.
  • If your small business falls victim to ransomware, there’s a 51% chance you’ll pay the fee.
  • 55% of ransomware hit businesses with fewer than 100 employees, while another 75% of attacks targeted companies making less than $50 million in revenue. 
  • 82% of ransomware attacks were targeted at companies with less than 1000 employees. 

3. Malware

  • Malware and ransomware are increasingly targeting businesses having claimed over 4.5k victims in 2021. 
  • 27% of malware breaches involve ransomware.
  • Compared to 2019, Malware attacks increased by 358%, and ransomware attacks increased by 435%.
  • Nearly thirty percent of phishing emails are opened increasing the chances of opening or downloading from malicious links that contain ransomware or malware.
  • 90% of all malware is spread through emails. 
  • 300,000 new pieces of malware are created daily. 

4. Phishing Attacks

  • 80% of reported cyber crimes are generally attributed to phishing attacks in the technology sector. 
  • 62% of attacks that did not stem from a cybersecurity error or misuse usually were carried out through the usage of stolen personal information obtained through phishing and or brute-force attacks. 

5. DDoS Attacks

  • Companies in the U.S., the U.K., and Canada were affected by the DDoS attacks on VOIP providers in 2022.
  • Kaspersky’s quarterly report reported nearly 57,116 DDoS attacks. 
  • HTTP DDoS attacks increased by 111% in 2022 from 2021 and Ransomware attacks increased by 67% during the same period.
  • As the September 26 elections for seats in parliament approached, hackers targeted the website of Germany’s Federal Returning Officer.


It is high time that we started preparing and investing in solid security measures. From implementing an effective firewall to regular security audits for your website, a security solution can lower your risks considerably.

Astra has been actively working towards ensuring a safe online experience for everyone. It has helped secure big brands like Gillette, FirstPost, Carrier, Invicta, Akeneo, Themecloud, Hotstar, Ford, etc. You can benefit from it too.

Take an Astra demo now!

Naman Rastogi

Naman Rastogi is a Growth hacker and digital marketer at Astra security. Working actively in cybersecurity for more than a year, Naman shares the passion for spreading awareness about cybersecurity amongst netizens. He is a regular reader of anything cybersecurity which he channelizes through the Astra blog. Naman is also a jack of all trade. He is certified in market analytics, content strategy, financial markets and more while working parallelly towards his passion i.e cybersecurity. When not hustling to find newer ways to spread awareness about cybersecurity, he can be found enjoying a game of ping pong or CSGO.
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

1 Comment
Newest Most Voted
Inline Feedbacks
View all comments
Bandar Judi Bola
Bandar Judi Bola
4 years ago

Truly when someone doesn’t be aware of then its up to other visitors that they will assist, so here it happens.

Psst! Hi there. We’re Astra.

We make security simple and hassle-free for thousands
of websites and businesses worldwide.

Our suite of security products include a vulnerability scanner, firewall, malware scanner and pentests to protect your site from the evil forces on the internet, even when you sleep.

earth spiders cards bugs spiders

Made with ❤️ in USA France India Germany