23 Jun One of Microsoft’s Websites Got Hacked
According to an article by Zack Whittaker of CBS, CNET and ZDNet, Microsoft’s Digital Constitution website, which fights the U.S. government on matters of surveillance and policy, has been hacked.
So far it is unclear who is behind the hack. However, it seems unlikely that a major cyberattack from any particular group is responsible, since the hack looks like it was intended to inject content promoting casino-related websites. Words like “blackjack,” “casino,” and “roulette” have been injected into the website, probably in an attempt to garner greater search engine hits.
It seems that the website was running WordPress 4.0.5, which is an older version of the popular WordPress platform. Currently, the latest WordPress version is 4.2.2. Protecting a WordPress website from hackers is a process that few website owners entertain. This latest breach only underscores the importance of ensuring your WordPress website is secure.
If it can happen to the big boys, it can happen to you!
Until Microsoft runs a complete audit of their website, how the hack occurred will remain a mystery. (They did remove most of the hacked content within an hour.) Outdated plugins or an outdated theme, if one was used, could also be one of the causes of the security breach.
For example, even a quick look at their website’s source code, which is publicly available, still shows an outdated plugin that could be used against them. The popular Yoast plugin is currently released under version 2.2.2. Digital Constitution is using version 2.2.1. This type of information being publicly displayed allows the hacker to easily identify potential entry points for their attacks. Hackers are always looking for this type of information in your website. It’s an open invitation for invasion.
The hacker who performed this attack likely exploited the website’s weakness to inject their own malicious content. Unless you are monitoring your website daily for attacks like this, you may not even know one has happened. The next thing you may know about it is that your web hosting company has shut down your website and you’re left scrambling to figure out what happened and how to fix it. If you have no backup files… holy @#$%.
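The daily check described above can be scripted. The following is an added example, not code from the original article or from Microsoft: it scans the HTML of a page you own for the version strings WordPress and the Yoast plugin commonly write into page source, and for the spam terms the article reports. The function names and the sample HTML are constructed for illustration, and the "latest" versions are the ones quoted in the article.

```python
import re

# Latest releases as quoted in the article; update these for real use.
LATEST = {"WordPress": "4.2.2", "Yoast SEO": "2.2.2"}
# Spam terms the article reports were injected into the site.
SPAM_TERMS = ("blackjack", "casino", "roulette")

# Version strings commonly emitted into page source: the WordPress
# "generator" meta tag and the Yoast plugin's HTML comment.
VERSION_PATTERNS = {
    "WordPress": re.compile(
        r'<meta[^>]+name=["\']generator["\'][^>]+content=["\']WordPress (\d+(?:\.\d+)+)', re.I),
    "Yoast SEO": re.compile(r"<!--[^>]*Yoast[^>]*?\bv(\d+(?:\.\d+)+)", re.I),
}

# Constructed sample page (not the real site's source).
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 4.0.5" />
<!-- This site is optimized with the Yoast WordPress SEO plugin v2.2.1 -->
</head><body>
<p>Our position on surveillance reform.</p>
<div style="display:none">best online casino blackjack casino bonus</div>
</body></html>"""


def as_tuple(version):
    """Turn '4.0.5' into (4, 0, 5) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def audit_page(html):
    """Return disclosed outdated versions and spam-term counts for one page."""
    findings = {"outdated": {}, "spam_terms": {}}
    for name, pattern in VERSION_PATTERNS.items():
        match = pattern.search(html)
        if match and as_tuple(match.group(1)) < as_tuple(LATEST[name]):
            findings["outdated"][name] = match.group(1)
    # Strip tags and comments but keep text nodes: injected spam is often
    # hidden with CSS, so it never shows up when you view the page normally.
    text = re.sub(r"<[^>]+>", " ", html).lower()
    for term in SPAM_TERMS:
        count = len(re.findall(r"\b" + re.escape(term) + r"\b", text))
        if count:
            findings["spam_terms"][term] = count
    return findings


if __name__ == "__main__":
    print(audit_page(SAMPLE_HTML))
```

Run it from a scheduled job against a saved copy of each page and alert when either dictionary is non-empty.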
What’s the cost of not backing up your WordPress website? Huge, as you are probably starting to contemplate. If Microsoft has not kept backup files of all their content, database and core files, they will be in for a long recovery process, one that typically will not restore the website to its pre-hacked version.
If Microsoft’s experience tells us anything, it’s that we all need protection in today’s digital world. Without it, we are all vulnerable and at risk of losing our investment and quite possibly a lot more.