33 percent of World’s top 1 Million sites are vulnerable to Hackers

A security firm name Menlo Security has published a report which says one in three domains of the world’s top websites are either vulnerable to hackers or they had been hacked. The report was released this week and it further says that even your most trusted websites are vulnerable to hackers. Most of those top websites had no idea about this vulnerability prior to this report. Which brings us to the possibility that many of these sites are already been hacked. 


The security firm has scanned the Alexa’s top 1 Million websites and found 33 percent of them with different vulnerabilities. The report further says that one-fifth of these 1million websites run software with known vulnerabilities. While more than one in twenty sites serve malware, spam or are part of a botnet.

The report doesn’t named the vulnerable sites but the shocking thing is this that these vulnerable websites are the most trusted sites among the visitors. which are related to Business,Health and medical, tech, government and many more which are putting their visitors to damaging malware.

Although the use of the Alexa data might be questionable, the Menlo study’s methodology was sound. They scanned 1.75 million URLs before checking each one against third party classification systems to see if it was reported as malicious, checking IP addresses against a reputation database, and issuing a web request to each URL so they could fingerprint the response and determine what software was in use. The results are astounding – the report found one in five sites are running software with known vulnerabilities, and one in twenty sites were identified by 3rd-party domain classification services as serving malware or spam, or are part of a botnet.

Key Findings of report

  • One in three of the top one million Alexa domains are “risky” – meaning thatthey’re either already compromised or running vulnerable software and therefore at risk of compromise by groups or individuals planning the next attack.
  • More than one in twenty sites, or six percent, were identified by 3rd-party domain classification services as serving malware, spam or are part of a botnet.
  • Over one-fifth (21%) of sites were running software with known vulnerabilities.
  • Of the 2.5 percent of sites that were “uncategorized,” a significant proportion (16%) were running vulnerable services.

Last month the world get to know that the Forbes.com has been hacked. The duration was unknown and the visitors of the site are infected by just going there with even clicking anywhere. Those visitors include some of the world’s top government and private organizations. Researchers noted that “watering hole attacks are insidious because it wouldn’t occur to anyone that these sites could be infected.”

WordPress is the world’s most used software for publishing, its Vulnerability was the key to hack Forbes, because the publishing software used by Forbes is WordPress. The vulnerability was detected last month eventually and malicious code was removed from the site.But this is just a overview for us that if trusted site like Forbes can be hacked then others are not safe either. It was the matter of time when they know they have been hacked. It can be after a day, a week or even a month.

Even through the organization are spending big on their cyber security programs to protect them from any possible breach. But spending big is not the answer for the problem because even after spending a staggering amount of $70 Billion on cyber security tools last year, we seen some very high profile security breaches last year.

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

Top Suggestions To Minimize Cyber Attack Risks

The Cyber Protection and Cyber Attack definition play an important role in maintaining both global security and operational productivity due to the rapid proliferation...

Policing the Dark Web (TOR): How Authorities track People on Darknet

The darknet, especially the TOR network, can be hacked, or the information of the people using it can be extracted in the plain text....

Best VPNs for Android – and Why You Need One Now

Most people protect their laptops and computers from potential cyber-attacks but only consider the cybersecurity of their mobile devices when it’s too late. In recent...

The Levels of the Internet Surface Web, Deep Web, and Dark Web

The internet, invented by Vinton Cerf and Bob Cahn, has evolved since its creation in the 1960s. In 1990, the World Wide Web transformed...


Then sign up for FREE to the ehacking’s exclusive group. You will get the exclusive tips/tricks, tutorials, webinars & courses that I ONLY share with my fellow on this exclusive newsletter.